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Web  services  potential?  Technology  promises  Quality  over  quantity  Bandwidth  is  getting  cheaper, 

a  lot  but  experts  warn  users  to  keep  expectations  in  check.  PAGE  8.  but  quality  of  service  might  be  a  better  long-term  solution.  PAGE  24. 


VPN:  Hold  the  firewall 

Check  Point  sees  package  removing  obstacle,  cutting  costs. 


Seven  things  users 
want  from  Verizon 

“  When  it  comes  to  the  last  mile,  Verizon  is  the  Big  Kahuna. 
Id  just  like  to  see  them  recognize  that  there  is  some 
competition  in  the  marketplace” 

Paul  Ladd,  director  of  MIS,  Suffolk  University 


■  BY  TIM  GREENE 

REDWOOD  CITY  CALIF  — 
Check  Fbint  Software  will  intro¬ 
duce  this  week  a  stripped-down 
version  of  its  popular  virtual  pri¬ 
vate  network  software  in  an  effort 
to  get  users  to  make  the  leap  to 
VPNs  even  if  they  have  firewalls 
from  other  vendors. 

According  to  Check  Fbint,  users 
are  reluctant  to  try  VPNs  because 
the  gear  often  comes  bundled 
with  firewalls,  and  customers 
don’t  want  to  pay  for  something 
they  already  have.  So  rather  than 
a  fully  configurable  firewall, 
Check  Point’s  new  VPN-1  Net 
combines  VPN  functions  with 
four  basic  stateful-inspection  fire¬ 
wall  options:  allow  all  traffic; 
allow  all  encrypted  traffic;  allow 
only  encrypted  traffic;  and  block 
all  traffic. 

To  further  entice  users,  Check 
Fbint  is  introducing  a  new  pric¬ 
ing  scheme  to  make  it  easier  to 
directly  compare  the  cost  of 
frame  relay  with  VPNs.  The  latter 
can  cost  $300  to  $1,600  less  per 
site  per  month  vs.  frame  relay. 
“[Check  Point]  is  encouraging 
users  to  extend  their  networks  to 
sites  where  they  can’t  justify  a 
frame  relay  connection  today” 
says  Rosemary  Cochran,  an  ana¬ 
lyst  for  Vertical  Systems  Group. 

With  VPN-1  Net,  Check  Fbint 


■  BY  MICHAEL  MARTIN 

Verizon  CEO  Ivan  Seidenberg 
has  focused  on  expansion  since 
1996,  when  as  CEO  of  Nynex  he 
hammered  out  a  merger  with  Bell 


charges  a  one-time  fee  for  a  VPN-1 
software  license  that  covers  a  cer¬ 
tain  number  of  VPN  tunnels  per 
site.  For  example,  a  license  for  five 
tunnels  costs  $1,000,  so  setting  up 
a  link  between  two  sites  would 
cost  $2,000.  Check  Fbint  central¬ 
ized  management  software  to 
control  the  environment  costs 
another  $15,000.  The  access  link 
would  be  an  Internet  connection 
that  a  company  has  in  place  and 
is  paying  for  anyway 
By  contrast,  a  single  56K  bit/sec 
frame  relay  connection  costs 
$300  to  $500  per  month  and  a 
See  Check  Point,  page  12 


Atlantic.  His  latest  expansion  plan 
is  to  continue  winning  long-dis¬ 
tance  approval  in  states  where 
Verizon  is  the  incumbent  local 
provider.  But  before  Seidenberg 
and  Verizon  set  their  sights  on  be 
coming  a  national  player  in  the 
U.S.  long-distance  market,  users 
polled  by  Network  World  say  there 
are  plenty  of  things  on  the  local 
side  that  Verizon  needs  to  do. 

ICome  up  with  a 
better  trouble- 
■  ticket  process. 

“We  constantly  have  problems 

See  Verizon,  page  16 
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Vendors  up 
the  volume 
on  VoIP 


■  BY  PHIL  HOCHMUTH 

SEATTLE  —  This  week’s  Voice 
on  the  Net  show  will  feature 
new  wares  that  help  customers 
mix  legacy  phone  gear  with  an 
IP  PBX,add  multimedia 
communications  to 
call  centers  and  better 
integrate  the  latest 
voice-over-IP  technolo¬ 
gies  with  existing 
network  and  security 
infrastructures. 

The  heightened  ven¬ 
dor  activity  comes  as 
customer  appetites  for 
large-scale  IP  telephony 
are  growing,  experts  say 

“Last  year,  we  saw  a  lot 
of  clients  doing  tiny 
proof-of-concept  types  of  imple¬ 
mentations  in  places  where  they 
could  ring  a  fence  around  the 
VoIP  activity  in  a  particular  area 
and  not  worry  about  it  degrad¬ 
ing  the  network,”  says  Rick 
Hughes,  an  IT  consultant  with 
PricewaterhouseCoopers.  “Over 
the  last  three  months,  client 
activity  has  moved  toward  full¬ 
blown  implementations.” 

That  movement  will  be  seen 
front-and-center  at  VON. 

Citel,  a  U.K.  maker  of  VoIP  gate¬ 
ways,  will  show  off  its  CitelLink 
Handset  Gateway  card,  which 
will  let  digital  PBX  phones  tie 
into  a  3Com  NBX  IP  PBX  system. 


Scheduled  to  be  released  in 
June,  the  module  will  fit  into  an 
available  3Com  NBX  100  chassis 
and  let  16  digital  phone  ports  ac¬ 
cess  the  NBX  system  (for  about 
$125  per  digital  phone). The  de¬ 


vice  will  support  Nortel  digital 
handsets  in  its  first  release;  later 
releases  are  planned  to  support 
other  vendors’  digital  phones,  the 
company  says.  Other  vendors  that 
mix  digital  phones  with  VoIP  in¬ 
clude  MCK  Communications  and 
Shoreline  Communications. 

Most  common  features  of  the 
NBX,  such  as  call  transfer,  hold, 
speed  dial  and  voice  mail  re¬ 
trieval,  will  be  available  on  digital 
phones  attached  to  the  system. 
The  product  is  targeted  at  busi 
nesses  interested  in  buying  an 
IP-based  phone  system,  but 
unwilling  to  roll  out  IP  phones  to 
See  VON,  page  68 


IP  phone  pickup  | 


The  average 
size  of  a  VoIP 
installation 
grew  last  year, 
signaling  in¬ 
creased  con¬ 
fidence  in  the 
technology. 

SOURCE:  IN-STAT/MDR 


Average  per 
site  deployment 
of  IP  phones 
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Microsoft  and  NetlQ  make  it  easier  to  manage  your  entire  Windows 
Server  environment.  You’ve  got  servers  running  Windows®  2000  here, 
servers  running  Windows  NT®  in  the  next  building,  and  a  mix  of  platforms 
running  in  your  plants  overseas.  Managing  a  global-class  enterprise  sure 
means  a  lot  of  running. 

Which  is  why  Microsoft  and  NetlQ  teamed  up  to  deliver  a  way  to  manage 


your  entire  Windows  Server  environment  from  one  very  convenient  place:  your 
desk.  It  starts  with  Microsoft®  Operations  Manager  2000,  the  most  effective 
way  to  manage  all  your  Windows  2000-based  servers  and  applications,  from 
proactive  alerting  to  performance  monitoring  to  event  collection  and  reporting. 

By  adding  NetlQ  Extended  Management  Pack  modules,  you  can  also 
monitor  Windows  NT  4.0  as  well  as  other  Microsoft  servers:  mission-critical 


C>  2002  Microsoft  Corpoidtion  and  NetlQ  Corporation  All  rights  reserved.  Microsoft.  Windows,  and  Windows  NT  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned 


applications  like  Oracle  RDBMS  and  Lotus  Domino;  and  large-scale  enterprise 
platforms  like  UNIX  and  NetWare.  All  from  one  centralized  console. 

Which  means  that  you  spend  a  lot  less  time  running  around  your 
■enterprise,  and  a  lot  more  time  simply  and  effectively  managing  it.  Get  a 
;  head  start  on  reducing  your  management  burden  with  a  visit  to  netiq.com 
[/manageability  today.  Software  for  the  Agile  Business. 
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THREE  OF  THE  WORST  TIMES  TO  START  PLANNING 
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Business  Continuity  Solutions 

Nothing  gives  you  more  peace  of  mind  than  knowing  your 
business  is  already  prepared  to  handle  anything.  To  find  out  how 
ready  you  are  for  the  future,  take  our  Vulnerability  Assessment 
Test  today.  It's  the  quickest  way  to  put  your  mind  at  ease. 
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NetWare  vulnerability  flagged 

■  IT  managers  of  NetWare  5.1  and  6  networks  should  be  aware  of 
a  vulnerability  to  the  operating  system  that  makes  it  subject  to 
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joined  Microsoft  in  September  1999  as  group  vice  president  of  its  consumer  group. 

Microsoft  patches  new  holes  in  NT,  2000 

■  Microsoft  last  week  announced  two  new  moderate-risk  security  holes  that  affect 
Windows  NT/2000  and  offered  patches  to  fix  both. The  more  serious  of  the  two  affects 
most  versions  of  Win  2000  and  NT,  and  could  let  an  attacker  elevate  privileges  or  run 
code  on  a  local  machine.  The  vulnerability  affects  the  Multiple  Uniform  Naming 
Convention  Provider  service  on  these  systems,  which  helps  them  identify  the  location 
of  network  resources.  The  second  vulnerability  affects  Win  2000  Server  products  and 
can  let  an  attacker  block  the  application  of  Group  Policy. 

FileNet  to  acquire  eGrail 

■  FileNet  last  week  said  it  is  spending  $10  million  to  acquire  eGrail  in  a  move  intended 
to  add  to  its  product  portfolio  a  document  management  system  that  can  compete 
against  those  from  rival  vendors  such  as  Interwoven  and  Documentum.  FileNet  gains 
eGrails  Enterprise  Content  Server  technology  and  “substantially  all" of  its  staff,  including 
a  40-person  development  team.  FileNet  plans  to  integrate  the  eGrail  Enterprise  Content 
Server  into  its  flagship  Panagon  line  of  content  infrastructure  management  software  and 
its  newly  created  Brightspire  portfolio  of  commerce  tools.The  company  also  will  con¬ 
tinue  selling  eGrails  software  as  a  stand-alone  tool. 


intrusions  that  could  cause  the  system  to  crash.  IX- 
Security.com,  an  IT  security  firm,  reported  last  week  that 
NetWare  5.1  and  6  are  vulnerable  to  a  buffer  overflow 
condition  that  could  affect  server  operation.  Both 
operating  systems  can  be  attacked  through  the 
NetWare  6  Remote  Manager  utility  also  called  the 
Portal  NLM  (NetWare  Loadable  Module),  a  Web- 
based  server  management  interface.  With  scripts  or 
just  the  correct  combination  of  keystrokes,  intruders 
could  cause  the  servers  to  crash,  abend  or  execute  code 
against  the  server.  Novell  was  expected  to  issue  a  patch  that 
could  be  downloaded  at  http://support.novell.  com/misc/ 
patlst.htm. 

Instant  messaging  twist 

■  Users  of  Web  portals,  shared-interest  sites,  auction  sites  and  corporate  applications 
could  see  which  participants  are  logged  on  to  AOL’s  Instant  Messenger,  and  contact 
them,  as  a  result  of  a  deal  between  AOL  and  PresenceWorks.  As  instant  messaging 
becomes  more  widespread,  visitors  to  Web  sites  want  to  be  able  to  contact  a  fellow  vis¬ 
itor  immediately,  according  to  Matt  Smith,  CEO  of  PresenceWorks. 

For  example,  a  shopper  on  an  auction  site  might  want  to  converse  in  real  time  with  a 
seller,  he  says.  At  Websites  that  use  PresenceWorks’ software  to  provide  a  link  to  AIM,  any 
current  AIM  user  will  be  able  to  find  out  if  another  such  user  is  available  and  then  click 
on  a  button  to  start  chatting. The  AIM  software  must  be  installed  and  running  on  each 


user's  machine. 
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<§>  Who  needs  the  Oscars?  The  Network 

Professional  Association,  with  assistance  from  NetworkWorld ,  will 
present  its  Awards  for  Professionalism  at  NetWorld+ Interop  in  Las 
Vegas  in  May.  Awards  include  lifetime  achievements,  best  “rookie" 
and  most  innovative  network  implementation.  Visit  www.npa.org 
for  more  information  and  to  nominate  candidates. 

<  ^  WorldCom  of  hurt  WorldCom  CEO  Bemie 
Ebbers  has  been  keeping  a  low  profile  of  late  and  it's  no  wonder. 
After  announcing  in  March  that  the  Securities  and  Exchange 
Commission  is  investigating  its  accounting  practices,  WorldCom 
last  week  said  it  is  cutting  3,700  employees  from  its  data  services 
division,  which  adds  up  to  6%  of  the  company’s  workforce. 

®  We're  not  laughing.  Bill  Gates  may  or  may 
not  be  your  favorite  high-tech  baron,  but  he  deserves  better  than 
he  received  last  week  at  the  hands  of  a  boorish  radio  host  playing 
an  April  Fool's  prank.  The  host  impersonated  Canadian  Prime 
Minister  Jean  Chretien  to  engage  Gates  in  a  telephone  conversation 
during  which  Windows  was  insulted  and  that  was  subsequently 
played  on  the  air. 


Financial  woes  mount  at  Qwest 

■  Qwest  Communications  paid  $44  billion  for  US  West  in  1999,  but  the  weakness  of  the 
telecommunications  market  and  a  new  accounting  rule  are  forcing  Qwest  to  take  a 
write-down  of  $20  billion  to  $30  billion  for  the  value  of  the  assets  acquired,  the  com¬ 
pany  said  last  week.  Qwest  also  announced  it  would  have  to  amend  downward  by  $48 

million  the  company’s  previously  announced  fourth-quarter 
2001  revenue  figure. 

Microsoft's  Belluzzo  stepping  down 

■  Rick  Belluzzo,  Microsoft’s  COO  and  a  key  force  behind  the 
growth  of  its  .Net,  XBox  and  MSN  efforts,  is  leaving  the  com¬ 
pany.  Belluzzo,  48,  will  step  down  as  president  and  COO  on 
May  1  and  leave  the  company  in  September.  No  specific  rea¬ 
son  was  offered  for  his  departure. The  move  came  as  part  of 
a  broader  reorganization  intended  to  give  greater  autonomy 
to  the  executives  in  charge  of  Microsoft’s  various  product 
groups,  the  Redmond,  Wash.,  company  says.  As  part  of  the 
changes,  Microsoft  will  be  divided  into  seven  business  units: 
Windows  Client,  Knowledge  Worker,  Server  and  Tools, 
Business  Solutions,  CE/Mobility,  MSN,  and  Home  and 
Entertainment.  Belluzzo,  former  CEO  of  Silicon  Graphics, 


FTC  trumpets  'Net  fraud  crackdown 

■  The  Federal  Trade  Commission  last  week  announced  results  from  an  international 
law  enforcement  sweep  aimed  at  squashing  deceptive  spam  and  Internet  fraud,  report¬ 
ing  that  63  cases  have  been  brought  against  ’Net  scams  involving  matters  such  as  phony 
cancer  cures  and  e-mail  investment  schemes  in  the  past  six  months.  The  efforts  were 
made  by  the  FTC’s  Netforce,  a  group  of  eight  U.S.  and  Canadian  state  law  enforcement 
agencies  concentrating  on  tracking  down  perpetrators  of  deceptive  e-mail  and  Internet 
fraud.  While  some  cases  involved  e-mail  pyramid  schemes  looking  to  fleece  consumers 
of  cash,  others  were  more  damaging, such  as  the  case  filed  against  David  Walker,  who  is 
charged  with  selling  fake  cancer  cures  on  his  Web  site. The  FTC  has  won  an  injunction 
against  Walker,  and  his  site  has  been  taken  down. 

More  flocking  to  government  Web  sites 

■  So  many  American  citizens  are  demanding  access  to  government  services  online  that 
a  Web  presence  is  now  necessary  for  government  bodies  at  all  levels  in  the  U.S.,  accord¬ 
ing  to  a  study  released  last  week  by  Pfcw  Internet  and  American  Life  Project.  According 
to  the  study,  68  million  American  adults  have  used  government-agency  Web  sites,  a  70% 
increase  from  40  million  two  years  ago.  Citizens  would  like  to  carry  out  more  transac¬ 
tions,  be  offered  more  information  and  have  faster  access  to  the  Web  sites,  according  to 
the  study. 


No  reason  was  given  to 
the  press  as  to  why 
Rick  Belluzzo  has 
decided  to  step  down 
as  COO  at  Microsoft  on 
May  1. 
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Web  services  riddled  with  problems 


Web  services  evolution 

IDC  predicts  that  mainstream  enterprise  deployments  of 
Web  services  will  follow  a  distinct  path  behind  the  firewall 
and  evolve  to  include  trusted  partners  and  dynamic  uses. 


Yean 

Adoption  cycle: 

2002-2003:  Within  the 
firewall 

•  Simplified  application  integration. 

•  Increased  developer  productivity. 

2003-2005:  Contained 
external  users 

•  Simplified  business  partner  connectivity 

•  Richer  application  functionality. 

•  Subscription-based  services. 

•  Casual/ad  hoc  use  of  services. 

2005-2008:  Fully  dynamic 
search  and  use 

•  New  business  models  possible. 

•  Commoditization  of  software. 

•  Pervasive  use  in  nontraditional  devices. 

■  BY  JOHN  FONTANA 

As  the  hype  surrounding  Web 
services  swirls  ever  faster,  industry 
analysts  are  switching  from  ex¬ 
plaining  what  Web  services  are  to 
spelling  out  the  pitfalls  and  short¬ 
comings  of  the  technology 

“Web  services  are  by  no  means 
an  end-all  solution  to  anything," 
says  Bernhard  Borges,  managing 
director  of  the  advanced  technol¬ 
ogy  group  at  Pricewaterhouse- 
Coopers.“It’s  not  one  solution  for 
one  problem.” 

Borges  says  there  is  plenty  of 
effort  today  around  building  Web 
services  —  they  will  be  front  and 
center  at  Microsoft’s  annual  Tech 
Ed  conference  this  week  in  New 
Orleans  —  but  he  says  there  isn’t 
enough  attention  being  paid  to 
the  “mortar  around  the  brick  to 
build  the  house.” 


Experts  warn  that  expectations 
should  be  kept  in  check. 

“People  tend  to  overestimate 
the  impact  of  a  technology  in  its 
first  two  to  three  years,  and  under¬ 
estimate  it  about  five  years  out,” 
say  Phil  Bronner,  a  principal  with 
Novak  Biddle  Venture  Partners. 

IT  executives  are  starting  to  test 
Web  services  internally  as  an  inte¬ 
gration  technology,  but  Bronner 
and  others  say  the  grand  Web  ser¬ 
vices  vision  of  dynamic  discovery 
and  integration  of  corporate  sys¬ 
tems  and  intelligent  applications 
over  the  Internet  is  largely  hype. 

Web  services  technology  is 
based  on  a  collection  of  XML- 
centered  protocols  such  as 
Simple  Object  Access  Protocol 
(SOAP)  and  Web  Services 
Description  Language  (WSDL). 
Definitions  of  Web  services  range 
from  dynamic  XML-based  appli¬ 


cations  that  can  be  located  and 
executed  over  the  Internet,  to  sim¬ 
ple  interfaces  for  integrating  un¬ 
like  systems. 

“Right  now  there  is  a  set  of 
issues  to  solve,”  Bronner  says.'The 
first  is  security  then  you  look  at 
quality  of  service  and  the  com¬ 
pletion  of  a  given  process  be¬ 
tween  partners.” 

A  recent  IDC  report  says  Web 
services  represent  a  new  ap¬ 
proach  to  an  old  problem:  getting 
systems  to  talk  to  one  another. 

“But  the  glorified  view  of  the 
Web  services  approach  is  a  futur¬ 
istic  model  that  is  a  ways  out  and 
may  never  happen,”  says  Rob 
Hailstone,  an  IDC  analyst. 

Borges  says  even  the  underpin¬ 
nings  of  Web  services,  such  as 
SOAP  and  WSDL,  raise  questions 
about  incompatibilities. 

“We’ve  agreed  to  use  electricity 


but  we  have  not  decided  if  we’re 
using  a  two-prong  plug  or  a  three- 
prong,”  he  says.“Just  being  compli¬ 
ant  with  the  SOAP  specification 


doesn’t  mean  that  my  SOAP  client 
will  work  with  your  SOAP  client.” 
That  fact  is  born  out  by  the 

See  Web  services,  page  10 


Microsoft,  partners  to  focus  on  Web  services 


■  BY  JOHN  FONTANA  AND  DENISE  DUBIE 

NEW  ORLEANS  -  Microsoft  this  week  will  continue  its 
campaign  to  demystify  the  company’s  .Net  and  Web  ser¬ 
vices  efforts  at  the  annual  Tech  Ed  conference  in  New 
Orleans. 

The  company  will  officially  launch  Commerce  Server 
2002,  a  .Net  server  and  accompanying  tool  kit  for  building, 
deploying  and  managing  e-commerce  storefronts.  This 
new  version  of  the  server  includes  new  catalog  features 
and  is  closely  integrated  with  Microsoft’s  Visual 
Studio.Net.  Microsoft  is  working  to  align  the  stable  of 
12  .Net  servers,  which  includes  Windows  2000,  with  its 
Visual  Studio.Net  development  tools. 

Microsoft’s  .Net  Web  services  platform  is  a  means  of 
delivering  software  as  a  service  instead  of  in  shrink- 
wrapped  packages.  The  platform  consists  of  the  .Net 
servers,  a  range  of  client  devices  and  development 
tools. The  theme  of  the  conference  will  be  the  unifi¬ 
cation  of  those  three  areas  under  the  .Net  banner, 
including  where  the  effort  is  today  and  how  it  will 
evolve. 

Observers  say  Microsoft  has  some  explaining  to  do. 

“What  is  unclear  to  me  is  what  dependencies  does 
.Net  have  on  Windows.Net  Server,  and  what  can  1  do 
with  that  sender  that  1  cannot  with  Windows  2000, ’’says 
Dwight  Davis,  an  analyst  with  Summit  Strategies.  “If 
people  are  actively  deploying  .Net  on  the  current 
stuff,  why  do  I  need  all  this  stuff  that  is 
coming  out?” 

As  always,  Microsoft  will  get  sup¬ 
port  for  .Net  from  a  gaggle  of  part¬ 
ners  at  the  show. 

NetlQ  and  Compuware  will  show 
the  latest  revisions  of  software 
designed  to  secure  and  manage 
Microsoft  environments,  respectively.  Enterprise 
Management  Associates  analyst  Jeb  Bolding  says 
widespread  adoption  of  Web  sendees  won’t  hap¬ 
pen  until  vendors  can  guarantee  users  that  those 


services  can  be  secured  and  managed. 

“These  vendors  are  taking  a  first  step  toward  securing 
and  managing  disparate  applications  and  transactions  out¬ 
side  of  the  firewall,”  Bolding  says.“I  don’t  think  too  many 
users  will  be  taking  many  steps  toward  distributed  Web 
services  until  security  and  management  are  resolved.” 

For  its  part,  NetlQ  will  debut  Security  Management  Pack 
for  Microsoft  Operations  Manager  (SMP  for  MOM)  and 
Security  Manager  3.5.  SMP  for  MOM  lets  users  manage 
security  from  a  single  console,  and  the  software  can  send 


MOM’s  security  blanket 

NetIQ’s  Security  Management  Pack  for 
Microsoft  Operations  Manager  (SMP  for  MOM) 
lets  users  monitor  security  events  across 
their  network  from  a  single  console. 


The  SMP  for  MOM  software 
alerts  net  managers  of  security 
breaches,  detailing  where  and 
3  when  they  occurred. 


The  software  shows  a  brief  list 
of  what  happened  across  desktop 
from  a  single  screen. 


Net  managers 
can  drill  down  into 
security  events  and 
remotely  manage 
access  to  users' 
desktops. 


notifications  of  security  breaches.  The  package  includes 
management  modules  for  Microsoft  Windows  Security 
NetlQ  Security  Analyzer  and  antivirus  applications. 

With  Security  Manager  3.5,  NetlQ  adds  integration  with 
Internet  Security  Systems’  Real  Secure  product  line  and 
Cisco  P1X  Firewall  appliances.The  security  software,  which 
monitors  security  data  from  separate  security  devices 
across  a  network,  now  also  supports  Office  XP  and  XP  Pro¬ 
fessional  software. 

SMP  for  MOM  and  Security  Manager  3.5  are  available 
now.  SMP  for  MOM  2000  is  priced  at  $470  per  processor. 
Pricing  for  Security  Manager  3.5  starts  at  $900  per  server 
and  $35  per  workstation. 

Also  at  the  show,  Compuware  will  display  its  Vantage  8.0 
suite  of  performancemonitoring  software  that  now  sup¬ 
ports  .Net  applications  (see  www.nwfusion.com, 
DocFinder:  8847).  The  products  can  test  the  viability  of 
.Net  applications  before  users  deploy  them.  Specifically, 
Application  Expert  now  can  help  users 
identify  delays  in  HTTP  Simple  Object 
Access  Protocol  and  XML  payloads,  which 
may  help  to  better  track  the  performance  of 
Web  services.  Bolding  says. 

Products  in  the  Vantage  8.0  suite  range  in 
price  from  $25,000  to  $35,000. 

A  number  of  companies  will  announce 
products  around  Commerce  Server  2002. 
Equilibrium  will  unveil  integration  of  its 
MediaRich  Image  Server  with  Commerce 
Server  2002.  The  server  features  automatic 
image  processing  that  renders  images  for  the 
Web  or  mobile  devices.  CyberSource  will 
unveil  CyberSource  Commerce  Component, 
which  provides  access  to  e-commerce  trans¬ 
action  services,  including  global  payment 
processing  and  tax  calculation.  And  Fast 
Search  &  Transfer,  which  develops  search  and 
real-time  alert  technology,  will  announce  that 
its  product  is  integrated  with  Commerce 
Server  2002.B 
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Sniffer  probes  get  management  boost 

Advances  could  make  it  easier  for  companies  to  track  application  performance. 


■  BY  DENISE  DUBIE 

SANTA  CLARA  —  Network 
Associates’  Sniffer  Technologies 
arm  last  week  announced  that  it 
has  added  central  administra¬ 
tion  and  Web-based  access  cap¬ 
abilities  to  its  distributed  net¬ 
work  probes,  moves  that  could 


help  companies  more  quickly 
determine  the  source  of  network 
and  application  performance 
problems. 

While  the  beauty  of  Sniffer 
probes  is  that  they  can  be  dis¬ 
tributed  across  an  enterprise 
network,  that  also  has  been  the 
problem  with  them.  Network 


Keeping  watch 

Sniffer  Watch  can  generate  reports  based  on  network 
traffic  data  collected  by  distributed  probes. 


Protocol  Distribution  :  IP  :  Packets 
FrameRelay::NAI  WANIc  600  Adapter  0B161_2  [35] 
12/31/01  12:00:00AM  to  12/31/01  11:00:00PM 


Net  managers 
can  see  exactly 
how  much  and 
what  type  of 
traffic  traverses 
their  networks  at 
any  given  time. 
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The  type  of  traffic  is 
broken  down  into 
bytes  and  packets  so 
network  managers 
can  quickly  determine 
their  networks’  “top 
talkers.” 


staffers  have  had  to  trudge  out  to 
each  probe  to  find  out  what  the 
probes  have  detected  and  con¬ 
solidate  those  findings  manually. 

The  company’s  new  Sniffer  En¬ 
terprise  Management  Architec¬ 
ture  is  designed  to  change  all  that 
by  giving  network  staffs  the  ability 
to  access  and  upgrade  the  probes 
remotely  from  any  computer 
with  a  Web  browser  and  analyze 
data  collected  by  multiple 
probes. 

The  architecture  is  based  on 
three  components: 

•  The  existing  Sniffer  Distrib¬ 
uted  probes,  appliances  that  pas¬ 
sively  collect  traffic  data  on  net¬ 
work  segments. 

•  Sniffer  Resource 
Manager,  which  pro¬ 
vides  centralized 
control  over  the 
probes  via  a  Web  in¬ 
terface.  This  new 
offering  is  available 
either  as  software 
that  runs  on  a  Win- 
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SnifferWatch  creates  reports  based  on 
LAN,  WAN  or  application,  depending  on 
the  network  manager's  request. 


dows  NT/2000  box 
or  as  an  appliance.  In  either  case, 
Resource  Manager  communi¬ 
cates  with  probes  via  HTTP 
•  Sniffer  Watch,  which  collects 
data  in  a  SQL  Server  database 
and  generates  reports  on  network 
traffic.  It  is  available  as  software  or 
an  appliance. 

Eric  Hemmendinger,  a  research 


Speedera  expands  security 


■  BY  JENNIFER  MEARS 

SANTA  CLARA  —  Content  delivery  service 
provider  Speedera  Networks  is  pumping  up  its 
security  capabilities, giving  customers  the  means  to 
secure  downloads  and  protect  Web  sites. 

The  services  come  in  response  to  growing  cus¬ 
tomer  demand  to  help  steel  Web  sites  against  threats 
such  as  denial-of-service  (DoS)  attacks  and  content 
theft.  With  the  new  offerings  announced  this  week, 
Speedera  will  have  security  packages  specifically 
designed  for  streaming  media, Web  site  delivery  and 
digital  downloads,  says  Gordon  Smith,  a  Speedera 
vice  president. The  services  augment  secure  stream¬ 
ing  that  Speedera  unveiled  last  fall. 

One  of  the  new  services, Secure  Content  Delivery, 
supports  Secure  Sockets  Layer  encryption  and  lets 
customers  hand  off  DNS  responsibilities  to 
Speedera,  which  can  distribute  DNS  across  its  net¬ 
work  of  edge  servers  that  are  tied  to  more  than 
1 ,000  carrier  networks.  By  distributing  DNS  servers, 
Smith  says,  Speedera  can  protect  Web  sites  from 
DoS  attacks  that  otherwise  could  cripple  a  Web  site 
running  DNS  in  a  single  location. 

Customers  who  choose  to  place  their  entire  Web 


sites  on  the  Speedera  network,  rather  than  using 
Speedera  only  to  deliver  specific  graphics  or  pieces 
of  content,  benefit  from  an  additional  line  of  de¬ 
fense, Smith  says, because  all  Internet  requests  are  fil¬ 
tered  through  Speedera’s  edge  servers.  The  cus¬ 
tomer’s  origin  servers  are  inaccessible  from  the  In¬ 
ternet,  he  adds. 

The  other  new  service,  Secure  Download,  lets  cus¬ 
tomers  require  authorization  and  authentication  for 
content  that  is  downloaded  from  the  Internet’s  edge. 
That  lets  users  offer  pay-per-view  or  subscription- 
based  downloads. 

Speedera  competes  with  CDNs  such  as  Akamai 
Technologies,  Mirror  Image  and  Digital  Island. 

Secure  Content  Delivery  is  available,  and  pricing 
starts  at  $1,500  per  month.  If  Speedera  is  delivering 
an  entire  Web  site,  pricing  starts  at  $3,000  per  month. 
The  Secure  Download  Service  will  be  available  next 
month,  and  pricing  starts  at  $1,500  per  month. 

Both  security  packages  are  available  as  part  of 
Speedera’s  SpeedSuite  Enterprise  offering,  which 
bundles  everything  from  bandwidth  and  storage  to 
complete  site  delivery  and  live  streaming.  Speed- 
Suite  pricing  starts  at  $7,500  per  month. 

Speedera:  www.speedera.com 


director  with  Aberdeen  Group, 
says  the  enhancements  take  the 
probes  out  of  the  basic  network 
diagnostics  realm  and  into  that  of 
application  management.  Cus¬ 
tomers  could  use  the  products  to 
determine  how  an  application  is 
running  based  on  traffic  statistics 
from  across  a  network,  perhaps 
quicker  than  they  could  with  tra¬ 
ditional  network  management 
systems  that  primarily  track  net¬ 
work  device  performance. 

“Here’s  a  company  that  basi¬ 


cally  developed  the  concept 
and  the  brand  of  the  ‘sniffer’ 
probe.  Now  they’re  making  that 
network  diagnostic  tool  do 
more,”  he  says.  “In  a  year,  Sniffer 
won’t  be  a  techie-only  tool. 
Application-level  managers  will 
be  using  this  for  debugging  and 
deploying  applications.” 

Sniffer  Distributed  probes  are 
priced  at  $13,900  apiece,  while 
Sniffer  Resource  Manager  costs 
$27,500  and  Sniffer  Watch  costs 
$30,000.  ■ 


Web  services 

continued  from  page  8 

recently  formed  Web  Services 
Interoperability  Organization, 
which  is  developing  a  set  of 
guidelines  for  creating  compat¬ 
ible  implementations  of  the 
base  Web  services  protocols. 

Despite  the  promise  of  Web 
services,  Borges  says  the  age- 
old  problems  of  distributed 
computing  still  exist,  such  as 
data  mapping,  transactional 
integrity,  trust  and  security. 

Some  of  those  problems  mean 
Web  services  won’t  become  an 
inexpensive  alternative  to  Enter¬ 
prise  Application  Integration 
(EA1)  technology.  Borges  says 
SOAP  adapters  in  the  near  term 
won’t  replace  “fat”  EAI  adapters 
that  link  data  and  handle  busi¬ 
ness  logic. 

“You  still  have  to  map  all  the 
data  and  develop  metadata 
tags.  You  have  to  run  the  busi¬ 
ness  logic  on  an  app  server  and 
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■  THIS  WEEK’S  QUESTION: 

What's  the  name  of  the 
research  and  develop¬ 
ment  consortium  formed 
in  1988  to  focus  on  cable 
telecommunications 
technologies? 


Answer  this  and  nine  adcfitional  questions 
online  and  you  could  win  $500!  Visit 

Netwrk  World  Fusion  and  enter  2349 
in  the  Search  box. 

www.nwfusion.com 


that  can  present  throughput 
issues,”  he  says. 

IDC’s  Hailstone  says  that  com¬ 
panies  will  have  to  build  large, 
clearly  defined  Web  services 
components,  or  run  the  risk  of 
overwhelming  current  infra¬ 
structures. 

“The  use  of  too  many  small 
Web  services  components  will 
create  a  performance  problem 
when  you  consider  authentica¬ 
tion  issues,  managing  transac¬ 
tions  and  business-process 
modeling,”  he  says. 

Outside  the  firewall,  problems 
intensify. 

The  vision  of  dynamic  discov¬ 
ery  of  Web  services  is  a  model 
riddled  with  questions,  fore¬ 
most  being  the  dynamic  dis¬ 
covery  of  partners  and  their 
services  through  a  Web  ser¬ 
vices  Yellow  Pages  directory 
called  Universal  Description, 
Discovery  and  Integration. 

“The  complexity  of  building  a 
Web  service  that  looks  in  a  direc¬ 
tory  to  find  a  function  and  use  it, 
that  is  possible,  but  I  still  have  to 
negotiate  costs,  service-level 
agreements,  contracts,  and  to  do 
all  that  in  an  automated  sense  is 
beyond  the  technology  now,” 
Hailstone  says. 

Trust  also  is  a  major  issue,  espe¬ 
cially  without  a  standard,  single 
sign-on  authentication  system. 

“We  still  don’t  have  a  security 
framework,  the  Liberty  Alliance 
doesn’t  yet  have  a  blueprint 
and  Microsoft’s  Passport  is  not 
widely  accepted,”  Borges  says. 

Despite  the  limitations, 
experts  say  Web  services  are 
here  to  stay. 

“If  the  grand  model  fails,  that 
does  not  mean  Web  services 
have  failed,”  Hailstone  says. 
“There  is  too  much  invested  by 
the  large  vendors  for  Web  ser¬ 
vices  to  fail."  ■ 
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Sell  rolls  out  blade  server 

PowerEdge  1550MC  targets  Internet  data  centers. 


■  BY  DENI  CONNOR 

NEW  YORK  —  Dell  last  week 
finally  jumped  into  the  server 
blade  fray  with  hefty,  single¬ 
board  computers  attuned  to 
load  balancing, Web  serving  and 
caching  for  businesses. 

The  company  announced  a 
server  blade,  the  PowerEdge 
1655MC,  which  does  not  trade 
off  features  such  as  memory  or 
network  connectivity  in  favor  of 
density.  Customers,  Dell  says,  are 
looking  for  blades  to  fill  out  their 
Internet  data  centers  that  re¬ 
place  compact,  lU-high  (1.75- 
inch)  servers. 

Dell  also  announced  two  high- 
end  servers  and  a  set  of  rack¬ 
mounted  modular  components 
for  network  support,  storage  and 
processing  known  as  bricks.The 
company  will  introduce  less 


powerful,  low-power  consump¬ 
tion  blade  and  InfiniBand- 
enabled  bricks  in  the  future. 

“Dell  is  focusing  on  high-per¬ 
formance  instead  of  the  modular 
low-power,  high-density  space,” 
says  Jamie  Gruener,  an  analyst 
with  The  Yankee  Group.  Gruener 
says  the  market  for  server  blades 
is  expected  to  grow  from  $150 
million  this  year  to  $3.5  billion  in 
2005.  “Dell  has  a  [blade]  road 
map  that  will  position  the  com¬ 
pany  at  the  higher  end  of  the 
market.” 

Dell’s  blade  uses  the  Pentium  III 
1 .26  GHz  processor,  compared  to 
700MHz  to  800MHz  blades  from 
Compaq,  RLX  Technologies  and 
Hewlett-Packard.  Compaq  says 
although  its  blades  presently  use 
low-power  processors,  it  will  have 
blades  that  match  Dell’s  by  the 
time  the  Dell  blade  server  ships 


Blade  bonanza 

Deli's  PowerEdge  1655MC  multiprocessor 
blade  server  uses  high-performance 
Pentium  III  1.2-GHz  processors. 
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Vendor 

Product  name 

External 

disk 

supported 

Internal 

disk 

capacity 

Number 
of  blades/ 
enclosure 

Type 

Ethernet  NIC 

Price 

Dell 

PowerEdge  1655MC 

Yes 

146G  bit  SCSI 

6/84 

Two  10/100/1000 

Undisclosed 

Compaq 

Ble-Class 

No  RAID; 
yes  NAS 

30 G  bit  ATA 

20/280 

Two  10/100 

$1,800 

HP 

bcIlOO 

Yes 

30G  bit  IDE 

16/48 

Two  10/100 

$1,925 

RLX  Tech¬ 
nologies 

ServerBlade  800i 

No 

40G  bit  ATA 

24/336 

Three  10/100 

$1,550 

this  fall. 

Dell  also  has  room  on  its 
blades  for  onboard  and  exter¬ 
nal  storage,  letting  businesses 
rapidly  scale  their  environments. 


Compaq  and  RLX  blades  sup¬ 
port  limited  30G  to  40G  bytes  of 
onboard  disk  capacity,  while  Dell 
provides  146G  bytes  of  onboard 
storage  and  an  embedded  RAID 
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Check  Point 

continued  from  page  1 

T-l  frame  relay  circuit  costs 
$1,500  to  $1,600  per  month, 

Cochran  says.  And  customers 
would  still  pay  for  their  Internet 
connection.  If  users  want  a 
frame  link  to  connect  to  more 
than  one  site,  they  pay  an  addi¬ 
tional  fee  per  permanent  virtual 
circuit  (PVC)  per  month.  A  virtu¬ 
al  circuit  is  roughly  analogous  to 
a  tunnel  in  that  it  enables  a  link 
between  specific  sites.  A  64K 
bit/sec  PVC  from  AT&T  costs 
$126  per  month,  list  price. 

Still,  if  the  IP  VPN  option  becomes  attractive 
enough  so  corporate  users  at  least  try  it,  they 
might  find  it  is  inexpensive  enough  to  tie  in 
more  locations,  Cochran  says.  According  to 
Vertical  Systems,  last  year  there  were  1.2  mil¬ 
lion  frame  relay  links  in  place  vs.  196,000  IP 
VPN  connections. 

Competitors  such  as  NetScreen,  Nortel, 
Rapidstream  and  WatchGuard  come  with  full 
firewalls.and  an  entire  line  of  Cisco  VPN  gear 
is  based  on  its  PIX  firewall.  “I  haven’t  seen 
anyone  else  roll  out  anything  like  [VPN-1 
Net]  ,”  says  Jeff  Wilson,  who  researches  VPN 
vendors  for  Infonetics  Research. “[This  soft¬ 
ware]  can  ease  some  cost  and  complexity 
fears  that  people  have  about  migrating  sites 
away  from  frame  relay 

The  VPN-1  Net  firewall  running  on  a  server 
or  a  custom  VPN  appliance  made  by  one  of 
Check  Point’s  hardware  partners,  can  be  set 
so  that  it  doesn’t  interfere  or  compete  with 
whatever  firewall  is  already  protecting  cor¬ 
porate  Internet  connections.  But  the  VPN-1 
Net  firewall  can  be  turned  on  at  sites  that 
might  not  have  one  yet. 


VPN  to  supplement  frame  relay 

Check  Point’s  VPN-1  Net  is  designed  to  make  it  easier  to  drop  VPNs  into  corporate  networks. 


VPN-1  Net  software  comes  with  a  rudimentary  firewall  so 
it  won’t  interfere  with  Internet  firewalls  already  installed  at 
major  corporate  sites. 


For  sites  without  firewalls,  VPN-1 
Net’s  firewall  can  be  turned  on. 


Frame  relay  users  would  lose  some  features 
if  IP  VPN  were  added.  For  example,  frame 
relay  comes  with  minimum  bandwidth  guar¬ 
antees,  while  VPNs  that  rely  on  the  Internet 
are  subject  to  unpredictable  delays.  But  it  is 
much  faster  to  turn  up  a  VPN  link  to  a  site 
that  has  Internet  access  than  to  wait  months 
for  a  frame  relay  connection. 

Once  frame  relay  networks  were  consid¬ 
ered  secure  because  they  operate  at  Layer 
2,  but  with  heightened  interest  in  security, 
users  are  becoming  wary  but  also  receptive 
to  VPN  technology  that  is  secure  from  site 
to  site. 

“Administrators  are  beginning  to  question 
how  well  that  frame  cloud  is  managed  from 
a  security  standpoint,”  says  Christopher 
Arnold,  network  security  architect  for 
Wheelhouse,  a  maker  of  customer-relation¬ 
ship  management  software  in  Burlington, 
Mass.The  company  bases  its  five-site  WAN  on 
Check  Point  VPN/firewall 
software  that  runs  on  Nokia 
hardware. 

Check  Point  is  also 


adding  new  management  shortcuts  in  its 
software  to  make  it  easier  to  set  up  user 
groups  and  establishing  hub-and-spoke 
connections,  a  common  frame  relay  config¬ 
uration.  “You  can  set  up  a  tunnel  between 
end  points  in  60  seconds.  Before,  if  you 
were  really  good  at  it,  it  took  30  minutes,” 
Arnold  says.  These  features  come  with 
Check  Point’s  VPN-1  Pro  software,  formerly 
called  VPN-1 /Firewall-1  Gateway. 

VPN-1  Pro  also  includes  a  graphical  inter¬ 
face  that  simplifies  adding  a  site  and  chang¬ 
ing  the  user  group  that  a  particular  site 
belongs  to.  “If  you  have  a  tight  budget  and 
are  short-staffed,  you  can  really  appreciate 
this,”  Arnold  says.  “Once  it’s  designed  prop¬ 
erly,  it  can  be  deployed  by  less  experienced 
administrators.” 

VPN-1  Net  and  VPN-1  Pro  are  available  now. 
VPN-1  Pro,  including  centralized  manage¬ 
ment  to  connect  a  500-person  office  with  a 
40-person  office,  would 
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controller,  to  which  SCSI  storage 
arrays  can  be  attached.  HP’s 
blade  is  different  —  it  places  ex¬ 
ternal  storage  on  12  specially 
designed  storage  blades.  Com¬ 
paq  says  that  network-attached 
storage  can  be  attached  to  its 
blades  via  an  embedded  Ether¬ 
net  adapter. 

Peter  Strifas,  senior  engineer  at 
Mount  Sinai  Medical  Center  in 
New  York,  says  that  although  he 
may  not  buy  blades  this  year  be¬ 
cause  of  budget  reasons,  he  has 
looked  at  blades  and  finds  them 
attractive. 

Strifas  is  looking  for  a  blade 
that  he  could  run  single  appli¬ 
cations  on,  much  as  he  would 
do  on  a  1U  server.  “We  need  an 
easy  connection  into  a  back¬ 
end  SAN  and  compact  equip¬ 
ment,"  Strifas  says.  With  Deli’s 
SCSI  controller,  he  could  con¬ 
nect  it  to  a  Fibre  Channel  router 
and  then  to  his  Compaq  or  EMC 
storage-area  networks. 

Dell  also  introduced  two  high- 
end  servers  intended  for  trans- 
action-based  applications  in 
corporate  data  centers.  The 
PowerEdge  6600  and  6650  can 
support  up  to  four  Intel  Xeon 
MP  processors. 

Dell  also  plans  to  make  low- 
power  blades  for  Web-server 
applications  and  brick  servers 
optimized  for  transaction-inten¬ 
sive  applications  such  as  cus¬ 
tomer  relationship  management 
and  databases. 

Dell  will  not  disclose  the  price 
of  its  blades  until  they  ship  this 
fall.  The  6600  and  6650  servers 
are  expected  to  ship  next 
month  for  $5,500  and  $5,200, 
respectively.  Bricks  are  expected 
before  year-end. 

Dell:  www.dell.com 


Internet  Tax  Prep  Service,  September  14 


Internet  Tax  Prep  Service,  April  14 


HP  Blade  servers  are  here. 

The  most  flexible  way  to 
manage  your  infrastructure. 

Radical  simplicity.  Extraordinary  flexibility.  HP  Blade  servers  are  about 
to  forever  change  the  way  you  look  at,  manage  and,  yes,  even  maneuver 
through  your  data  center. 

They  are  complete,  ultra-dense  servers  on  single  modular  cards  — including 
processor,  memory  and  all  network  connections  — that  come  with  a  choice  of 
Linux,  Windows®  or  HP-UX. 

Easier  to  manage  and  maintain. 

This  elegant,  standards-based  design  allows  you  to  easily  combine  server, 
storage,  networking,  appliance  and  management  blades  in  the  same  38-slot 
chassis,  then  reconfigure  on  the  fly  to  handle  expanding  or  contracting  workloads. 

Each  blade  connects  to  the  network  infrastructure  already  embedded  in  the 
chassis,  dramatically  cutting  the  number  of  cables  needed.  With  far  fewer  cables 
to  fuss  with,  they're  far  easier  to  manage  and  maintain  than  conventional  servers. 
Even  management  is  shared.  Which  means  all  38  blades  can  be  viewed  and 
monitored  as  a  single  system. 

More  efficient  and  reliable. 

Since  all  blades  in  the  chassis  share  the  same  power  and  cooling  source, 
they're  also  more  energy  and  space  efficient.  In  fact,  you'll  find  HP  Blade  servers 
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reduce  the  typical  number  of  fans  and  power  supplies 
required  by  as  much  as  60%. 

The  reliability  advantages  of  moving  to  blades 
are  profound.  To  give  you  some  perspective,  imagine 
building  a  server  cluster  solution  that  is  comparable  to 
a  fully  loaded  HP  Blade  server  cabinet.  The  projected 
annual  failure  rate  of  the  HP  Blade  server  solution  is 
about  41%  lower  than  that  of  the  comparable  server  cluster. 

In  the  unlikely  event  that  a  blade  should  fail,  the  problem  is  isolated  in  the 
same  way  that  multiple  systems  connected  by  I/O  are  isolated  from  each  other. 

Is  your  server  as  sharp  as  a  blade? 

Servicing  a  blade  is  as  easy  as  deploying  one.  Each  blade  is  freely  accessible 
from  both  the  front  and  rear  of  the  cabinet  and  can  thus  be  replaced  at  a  moments 
notice.  Each  slot  can  be  powered  on  or  off  separately.  Hot-swap  and  hot-plug 
technology  is  implemented  throughout,  allowing  for  the  seamless  addition  or 
replacement  of  blades  while  the  rest  of  your  infrastructure  continues  to  hum. 

We  invite  you  to  read  our  technical  white  paper  on  HP  Blade  servers. 
Or,  better  yet,  talk  directly  with  one  of  our  infrastructure  specialists  to  find 
out  more  about  how  HP  Blade  servers  can  change  the 
face  of  your  business.  Give  us  a  call  at  1.800.HPASKME, 
extension  246.  Or  visit  www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 


invent 
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Verizon 

continued  from  page  1 

with  Verizon  being  a  no-show  when  we  have 
lines  down.  (Verizon  is  dispatched  by  Sprint, 
which  is  the  long-distance  and  data  provider 
in  this  case.)  Then  Verizon  closes  the  ticket 
and  we  have  to  start  the  process  all  over 
again, "says  Paul  Lourd, director  of  IT  for  UST.a 
Greenwich,  Conn.,  holding  company  for  sev¬ 
eral  tobacco  and  wine  subsidiaries.  The  only 
service  Lourd  uses  Verizon  for  is  local  voice 
and,  based  on  his  experience  with  Verizon’s 
service,  he  doubts  he’d  consider  using  the 
provider  for  anything  else. 

Gian  Zoppo,  CIO  for  marketing  outfit  Porter 
Novelli  International’s  U.S. region, says  he’d  like 
to  see  Verizon  and  other  providers  work  on 
putting  together  service  teams  that  could  han¬ 
dle  business  customer  calls  from  start  to  fin¬ 
ish. To  resolve  a  trouble  ticket  now, a  customer 
has  to  usually  call  at  least  a  local  provider  and 
long-distance  provider  and  handle  the  coor¬ 
dination  between  the  two. 

“The  promise  of  deregulation  was  that  you’d 
get  better  pricing  and  more  services,”  he  says. 
“The  reality  is  that  it  takes  so  much  time  to 
coordinate  the  vendors  that  any  savings  you 
get  are  likely  consumed  by  the  extra  people 
you  need  to  handle  the  tasks." 

Offer  competitive  pricing. 

“When  it  comes  to  the  last  mile, 
I  Verizon  is  the  Big  Kahuna.  I’d  just  like 
to  see  them  recognize  that  there  is  some  com¬ 
petition  in  the  marketplace,”  says  Paul  Ladd, 
director  of  MIS  for  Suffolk  University  in 
Boston.  “When  we  talked  to  Verizon  about  a 
transparent  LAN  service,  the  price  was  way 
too  high,”  he  says.“Yipes  [which  Ladd  selected 
for  the  service]  gave  us  three  times  as  much 
bandwidth  at  half  the  cost.”  (Note:  Yipes 
Communications  filed  for  Chapter  1 1  bank¬ 
ruptcy  protection  in  March). 

Better  business  DSL 
services. 

I  “I’d  like  to  see  Verizon  offer  more  in 
the  way  of  broadband  services  that  can  be 
customized  to  the  user’s  needs,”  says  William 
Horst,  assistant  regional  administrator  for  the 
Government  Services  Administration  (GSA)  in 
Boston.  “Verizon  is  sitting  on  its  residential 
asymmetrical  DSL  offerings  instead  of  adding 
any  symmetrica!  DSL  services  for  business. 
Their  deployment  seems  to  ignore  the  need 
for  speeds  beyond  768K  bit/sec  to  support 
remote  business  offices  using  pricey  digital 
data  services." 

4  Improve  data<ircuit  imple¬ 
mentation  times. 

I  Millipore,  a  Medford,  Mass.,  bio- 


Correction 


■  In  the  stony  “Jumper  looks  beyond  core 
routers"  (March  25,  page  35),  analyst  David 
Berndt  should  have  been  identified  as  an  ana¬ 
lyst  with  The  Yankee  Group. 


science  company, is  in  the  process  of  installing 
fiber  to  three  Massachusetts  sites,  so  it  no 
longer  has  to  deal  with  Verizon. “They  have  a 
tremendous  data-line  backlog,”  says  Ram 
Prabhu,  director  of  corporate  telecommunica¬ 
tions.  Millipore  has  several  international  sites 
that  are  connected  to  the  company’s  head¬ 
quarters  through  dedicated  lines.  Verizon  is 
responsible  for  installing  the  last-mile  local 
loop  on  those  lines.  In  the  past, Verizon  would 
have  the  local  loop  installed  before  the  inter¬ 
national  circuit  was  up.  “That  changed  in 
2000,”  Prabhu  says.  Now  the  local  loop  is 
always  the  last  part  of  the  line  to  be  finished. 

Offer  number  portability 
between  central  offices. 

B  Eastern  Bank,  a  Boston  financial 
institution,  uses  Verizon  for  its  corporate  head¬ 
quarters  and  all  46  of  its  branches.  Within  the 
next  few  months,  Eastern  plans  to  move  one 
office  to  a  larger  facility  located  closer  to  the 
corporate  headquarters.  The  office  will  now 
be  served  out  of  a  new  central  office.  Verizon 
has  offered  to  forward  the  office’s  existing 
Centrex  numbers  from  the  old  central  office 
to  the  new  numbers  that  will  be  assigned  to 
the  office  at  the  new  central  office,  but  there  is 
a  recurring  charge  for  this  service, says  Robert 
Primavera,  an  assistant  vice  president  at 
Eastern.  Primavera  finds  it  odd  that  carriers 
can  handle  number  portability  if  someone 
switches  providers  but  not  if  a  customer 
moves  from  one  central  office  to  another. 

Porter  Novelli’s  Zoppo  says  this  is  a  service 
he’d  also  like  to  see.  Porter  Novelli,  based  in 
Manhattan,  lost  voice  services  on  Sept.  11, 
because  the  company  was  served  out  of  a 
central  office  located  in  the  World  Trade 
Center.  Voice  service  was  restored  quickly  but 
Zoppo  says  the  firm  could  not  immediately 
get  service  through  its  original  numbers  — 
something  that  might  have  been  possible  if 
the  numbers  could  have  been  moved  to 
another  central  office. 

Innovate. 

“It’s  tough  getting  them  to  do  any- 
I  thing  outside  the  box. . .  .There’s  not  a 
lot  of  ingenuity  there,” says  Laurence  Cranwell, 
a  senior  vice  president  at  managed  service 
provider  AimNet  Solutions  of  Norwalk,  Conn. 
(However,  he  notes  that  Verizon  recently  has 
responded  to  AimNet’s  specific  need  for 
SONET  technology,  whereas  others  could 
not). 

The  GSAs  Horst  concurs, noting  that  he’d  like 
to  see  Verizon  come  out  with  some  kind  of 
voice  over  IP  through  Centrex  offering. 

7  Improve  support  levels  in 
general. 

I  “Their  support  level  has  really  dete¬ 
riorated  over  the  last  several  years,”  says  Bob 
Andrews,  director  of  worldwide  communica¬ 
tions  for  Waters  Corp.,  a  Milford,  Mass.,  testing 
equipment  manufacturer.  Waters  has  migrat¬ 
ed  several  intrastate  long-distance  lines  over 
to  AT&T  and  Focal  Communications  because 
the  company  isn’t  satisfied  with  what  Verizon 
has  offered. “Verizon  just  doesn’t  seem  to  care 
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Enterasys  execs 
resign  as  bad 
news  grows 

■  BY  PHIL  HOCHMUTH 

PORTSMOUTH,  N.H.  —  Enterasys  Networks’ 
top  executive  and  two  other  key  officers 
resigned  last  week  amid  an  anticipated  rev¬ 
enue  dip,  an  investigation  by  the  Securities 
and  Exchange  Commission  and  the  compa¬ 
ny’s  own  internal  accounting  review. 

Henry  Fiallo  stepped  down  as  chairman, 
CEO  and  president. 
He  will  be  replaced 
by  interim  CEO  Wil¬ 
liam  O'Brien, a  former 
Pricewaterhouse- 
Coopers  executive. 
Also  resigning  were 
COO  Jerry  Shanahan 
and  J.E.  Riddle,  vice 
chairman  and  execu¬ 
tive  vice  president  of 
marketing. 

“The  CEO  resigna¬ 
tion  is  due  to  a  mutu¬ 
al  determination  be¬ 
tween  the  former  CEO  and  the  board,  and 
the  realization  that  Enterasys  needed  differ¬ 
ent  skills  and  experience  to  lead  the  com¬ 
pany  through  the  current  challenges  it 
faces,”  Enterasys  spokeswoman  Kristen 
Sheppard  told  Reuters  news  service.  The 
resignations  are  part  of  a  restructuring 
effort  spurred  by  the  company’s  projected 
poor  sales  over  the  last  two  quarters,  says 
CFO  Robert  Gagalis. 

Enterasys  also  announced  that  its  fourth- 
quarter  2001  and  first-quarter  2002  revenue 
would  be  less  than  expected. The  company 
notified  the  SEC  in  February  that  its  fourth- 
quarter  earnings  report  would  be  delayed 
because  of  an  internal  review  of  the  com¬ 
pany’s  finances  by  independent  auditor 
KPMG. 

Enterasys  says  it  expects  to  post  its  first 
operating  loss  in  the  fourth  quarter,  which 
ended  Dec.  29,  2001,  and  that  it  expects  to 
lose  money  in  the  first  quarter  of  2002, 
which  ended  March  30.  The  expected 
fourth-quarter  loss  is  the  first  for  the  com¬ 
pany  since  it  was  spun  off  from  Cabletron 
last  August. 

Enterasys’  fourth-quarter  2001  revenue 
will  fall  between  $145  million  and  $155  mil¬ 
lion,  while  first  quarter  2002  revenue  is 
expected  to  be  $110  million  to  $120  mil¬ 
lion.  Both  expected  revenue  figures  come 
in  far  below  analysts’  expectations  of 
approximately  $190  million  for  each 
respective  quarter. 

Enterasys  attributes  the  poor  first-quarter 
revenue  to  “the  lengthening  of  the  sales  cycle 
due  to  difficult  market  conditions,  poor  sales 
execution,  and  the  previously  announced 
[SEC]  investigation.” 

The  company  may  also  have  to  restate  rev¬ 
enue  in  prior  quarters  of  2001  as  a  result  of 
its  internal  review, Reuters  reported.* 
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How  the  FIFA  World  Cup™  kicked  off  an  IP  telephony  first.  The  largest  sporting 

event  in  the  world,  the  FIFA  World  Cup ™  utilizes  over  40,000  volunteers  and  12,000  media  personnel  who  must 
communicate  between  20  venues  in  2  countries,  24-hours  a  day.  And  they  needed  an  IP  telephony  solution 
that  could  work  with  it  all.  So  they  chose  Avaya  to  build  one  of  the  world’s  largest  converged  networks.  Our  IP 
solution  gave  them  the  same  features  and  functionality  of  sophisticated  office  phone  systems,  with  the  ability  to 
talk,  transmit  data,  manage  e-mail,  faxes  and  even  wireless  communications  simultaneously  —  all  over  a  single 
network.  For  a  white  paper  detailing  how  Avaya  is  powering  the  FIFA  World  Cup™,  visit  avaya.com/nowtwo. 
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Foundry,  Nortel  improve  Web  switch  features 


■  BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Foundry  Networks  and 
Nortel  are  releasing  new  versions  of  their 


Web  switch  software  that  could  help  busi¬ 
nesses  use  Layer  4-Layer  7  switches  for  secu¬ 
rity,  network  device  consolidation  and  traf¬ 
fic  management,  in  addition  to  server  load 


balancing  and  Web  content  switching. 

Foundry  this  week  will  release  security 
and  quality-of-service  features  in  Version 
8.0R  of  its  Serverlron  OS  software,  which 
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...from  your  browser,  desktop  or  applications. 


Introducing  the  Xythos  WebFile  Server  3.2 
Internet-enabled  file  management  for  the  enterprise 

•  Superior  Sharing  -  the  right  file  goes  to  the  right  people,  without  the  hassles  of  email  attachments 

•  Standards  Based  -  the  ultimate  WebDAV  file  server 
•  Safe  and  Secure  -  supports  existing  security  and  authentication  protocols 
•  Easy  Implementation  -  works  with  existing  network  and  storage  standards 

•  Lower  Costs  -  reduce  your  storage  management  costs  as  you  increase  productivity 

•  Free  IDC/Xythos  Whitepaper  -  discover  the  best  internet-enabled  file  management  software 
for  your  company 


Call  1  888  4XYTHOS  (1  888  499  8467)  or  visit  www.xythos.com/webfile74 
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runs  the  Serverlron  400  and  800  line  of 
Layer  4-Layer  7  switches.  New  features  in¬ 
clude  transaction  rate  limiting.  Layer  3  rout¬ 
ing  support,  a  built-in  sniffer  function  and 
high-availability  network  address  transla¬ 
tion  support.  The  software  also  can  help 
consolidate  the  number  of  routers, switches 
and  load-balancing  devices  in  a  data  center 
into  one  Serverlron  switch,  the  firm  says. 

Serverlron  switches  typically  attach 
directly  to  servers  in  a  data  center,  provid¬ 
ing  load  balancing  and  distributing  Web 
traffic  among  servers. 

Technology  called  transaction  rate  limit¬ 
ing  in  Serverlron  OS  8.0R  can  be  used  to 
limit  the  packets  per  second  a  client  ma¬ 
chine  can  be  allowed  to  send  to  a  server 
attached  to  a  Serverlron  switch.The  limiting 
can  be  done  on  a  per-application  basis  by 
limiting  TCP  port  throughput.  The  feature 
could  help  prevent  activity  such  as  unau¬ 
thorized  Telnet  access  and  “ping  flood” 
denial-of-service  attacks,  and  could  keep 
clients  from  monopolizing  network  servers. 

For  more  security  a  flow-monitoring  and 
capture  function  in  Serverlron  OS  could  be 
used  as  a  built-in  sniffer  tool  for  filtering 
IRTCRUser  Datagram  Protocol  (UDP)  and 
HTTP  information,  and  shutting  down  ap¬ 
plications  or  blocking  ports  if  unauthorized 
or  unwanted  traffic  is  discovered. 

“The  new  [Serverlron  OS]  lets  us  consol¬ 
idate  some  switching,  routing  and  health¬ 
checking  functions,  making  things  a  little 
more  manageable," says  Robert  Smith,  CTO 
atVingage.a  Maitland, Fla., digital  video  dis¬ 
tribution  firm.Vingage  lets  clients  access  its 
large  server  farm  for  video  content  down¬ 
load  and  previously  used  two  Foundry  de¬ 
vices  for  Layer  3  routing,  server  load  bal¬ 
ancing  and  Layer  7  content  switching.“Our 
data  center  is  a  lot  simpler  now,  and  works 
better^  he  adds. 

Foundry’s  product  releases  follow  Nortel’s 
recently  announced  Web  Operating  System 
Version  10  (Web  OS  10)1  which  includes  a 
deny-filter  feature  that  could  be  used  to  in¬ 
spect  Layer  7  information  in  packets  and 
block  traffic  carrying  patterns  that  match 
viruses  or  hacker  attack  methods.  Web  OS 
10  runs  on  all  Nortel  Alteon  Layer  4-Layer  7 
switches  and  switch  modules.  Upgrading  to 
Web  OS  10  on  the  switches  could  add  secu¬ 
rity  filtering  to  any  point  in  a  network,  from 
the  enterprise  edge  to  the  backbone  and 
data  center,  Nortel  says. 

The  Foundry  and  Nortel  gear  competes 
with  load-balancing  and  Web-switching 
gear  from  vendors  such  as  F5  Networks, 
Cisco,  CacheFlow,  Extreme  Networks,  Top- 
Layer  Networks  and  RadWare.Web  OS  10  is 
available  as  a  free  upgrade  to  Nortel  cus¬ 
tomers,  while  Foundry’s  Serverlron  OS  8.0R 
is  available  for  a  $15,000  upgrade  and  will 
be  an  option  for  new  Serverlron  400  and 
800  chassis.  ■ 

Web 

Acceleration 

Subscribe  to  our  free  newsletter. 
DocFinder  5434  www.nwfusion.com 


In  this  economy,  many  hosting  companies  are  coming  apart  at  the  seams.  So  what 
makes  Verio  the  exception ?  We're  a  part  of  NTT  Communications ,  the  world's  largest  0 
telecommunications  corporation.  We're  the  largest  web  hosting  company  on  the  'If! 
planet  —  more  IT  people  like  you  depend  on  us  for  their  most  critical  hosting  needs. 
We've  been  in  the  hosting  business  since  1996  and  host  thousands  of  dedicated 
servers.  Behind  each  and  every  dedicated  server  is  the  most  experienced  and  obsessive 
tech  staff  in  the  industry.  Call  us,  we'll  be  there  for  you. 
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Sign  up  now  at  www.verio.com/ds8  or  cail  877-399-0590. 


<udes  Intel-Based  Standard  1  Server.  Offer  is  valid  for  new  customers  only.  One  year  contract  required.  Verio  is  a 
k  of  Verio  Inc.  All  other  referenced  product  names  are  trademarks  of  their  respective  owners.  ©  2002  Verio  Inc. 
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Imagine  the  possibilities  if  the  capacity  of  your  pipe  wasn't  so  limited.  What  would  you  do  if  you  could  connect  all  your 


buildings  wirelessly  with  speeds  up  to  860  Mbps  total  capacity,  with  99.999%  carrier-class  reliability,  and  still  save  money? 


You  can  with  wireless  connectivity  from  Western  Multiplex.  Our  products  let  you  do  what  you  couldn't  do  before, or  afford  to  do. 


Things  like  securely  sending  bulky  presentations  between  buildings  and  swiftly  backing  up  your  network.  Conducting  glitch-free 
videoconferences.  Adding  low-cost  network  redundancy.  Or  just  unclogging  data  flow  across  your  entire  corporate  campus. 


Expensive?  Hardly.  With  Western  Multiplex,  you'll  actually  save  money.  That's  because  there  is  no  need  to  lease  lines  or  trench 
for  new  fiber.  You  own  the  equipment.  And  that  means  fast  payback.  Plus  our 


equipment  installs  in  days,  not  months.  Find  out  how  wireless  connectivity  can 
work  for  you.  Go  to  www.wmux.com/wouldyou  or  call  toll-free  1 -877-293-6000 
for  a  free  quote  and  white  paper. 


0 


WESTERN 

Multiplex 


THE  CAPACITY  TO  DO  GREAT  THINGS. 


■?  5002  Western  Multiplex  (orporetion  A'1  rights  reserved.  Western  Multiplex  and  the  Western  Multiplex  logo  ore  trademorks  of  Western  Multiplex  Cotporolion.  All  other  trodemorks  mentioned  herein  ore  property  of  their  respective  owners  Specifications  ore  subject  to  ehonge  without  notice 
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■  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


■  PolyCom  has  announced  an  IP 
phone  that  is  compatible  with  Cisco’s 
CallManager  software.  The  Poly- 
Com  SoundPoint  500CS  handset 
gives  Cisco  IP  telephony  users  an¬ 
other  option  for  purchasing  IP  phones. 
Previous  CallManager  systems  only 
worked  with  Cisco  IP  phones.  The 
new  IP  phone  comes  with  12  program¬ 
mable  keys  and  supports  standard 
CallManager  features  such  as  call 
transfer,  conferencing,  speed  dial, 
redial  and  call  lists,  and  is  comparable 
to  Cisco's  7960  and  7940  phones, 
according  to  PolyCom. 

SoundPoint  500CS  has  two 
built-in  10/100M  bit/sec  Ethernet 
switch  ports  for  connecting  a  PC 
and  the  phone  to  a  network  over 
one  network  drop.  The  phone  also 
can  be  powered  Category  5e  net¬ 
work  cable  when  connected  to  a 
Cisco  switch  with  inline  capabilities 
and  Cisco  Discovery  Protocol,  elimi¬ 
nating  the  need  for  the  use  of  an 
AC  adapter  at  an  end  user’s  desk. 
The  phone  also  supports  Dynamic 
Host  Configuration  Protocol  for  IP 
address  registration.  XML  support 
and  an  LCD  text  display  let  the 
phone  run  applications  such  as 
directory  information,  broadcast 
messages,  stock  quote  tickers  and 
limited  Web  browsing.  SoundPoint 
500CS  is  available  for  $400. 
www.polycom.com 

■  Empirix  last  week  announced  its 
PacketSphere  Storage  Test 
Platform  will  monitor  iSCSI,  Inter¬ 
net  Fibre  Channel  Protocol  and  Fibre 
Channel-over-IP  protocols.  The  device 
simplifies  the  testing  of  IP  storage 
devices  and  applications  such  as 
backup  and  mirroring.  The  device  can 
insert  latency  and  lost  packets  into 
data  streams  to  analyze  the  resulting 
throughput  and  emulate  real-time 
environments.  The  PacketSphere 
hardware  connects  to  the  network 
via  a  Gigabit  Ethernet  connection  and 
can  process  more  than  2.8  million 
packet/sec  at  Gigabit  wire  rates,  the 
company  says.  PacketSphere  STP 
starts  at  $59,000  and  is  available  now. 
www.empirix.com 


Microsoft  makes  wireless  case 

Latest  efforts  put  wireless  support  into  enterprise  servers. 


■  BY  JOHN  FONTANA 

REDMOND,  WASH.  —  Microsoft  is  tak¬ 
ing  a  new  approach  to  the  mobile  and 
wireless  markets  that  observers  say 
might  finally  result  in  the  company  get¬ 
ting  it  right. 

The  company  is  blending  wireless  and 
mobile  support  directly  into  its  enterprise 
network  software.  That’s  a  departure  from 
its  past  efforts,  and  a  twist  on  the  current 
strategies  of  other  vendors. 

“Microsoft’s  strategy  to  embed  wireless 
access  in  its  basic  products  is  a  good  one, 
but  it  is  not  really  a  trend  among  vendors,” 
says  James  Kobielus,  an  analyst  with  Bur¬ 
ton  Group  and  a  Network  World  colum¬ 
nist.  “IBM,  Sun,  Oracle  and  others  all  pro¬ 
vide  wireless  access  with  separate  proxies 
and  gateways.” 

To  be  sure,  Microsoft  has  had  its  strug¬ 
gles  in  the  wireless  market,  from  its  early 
ineptitude  with  Windows  CE  to  its  break¬ 
up  with  its  first  platform  partner,  Wireless 
Knowledge.  Even  as  recently  as  a  year 
ago,  Microsoft’s  mobile  and  wireless 
products  were  laggards  and  its  strategy 
unorganized. 

But  with  the  multifaceted  mobile  and 
wireless  market  expected  to  boom  —  IDC 
estimates  the  worldwide  market  for 
mobile  infrastructure  software  alone  will 
more  than  quadruple  from  $352  million 
this  year  to  $1.6  billion  by  2006  — 
Microsoft  wasn’t  about  to  give  in.  Ob¬ 
servers  say  the  company’s  persistence  is 
about  to  start  paying  off. 

“Microsoft  is  now  becoming  a  force  in 
the  enterprise  mobile  market,” says  Warren 
Wilson,  an  analyst  with  Summit  Strategies. 
“Microsoft  has  all  the  back-end  pieces 
and  now  they  are  trying  to  tie  together 
.Net,  Exchange,  SQL  Server  and  the  other 
software.  And  that  will  help  them  become 
a  force  in  the  handheld  market."Microsoft 
won’t  say  how  much  it’s  investing  in  wire¬ 
less  and  mobile,  but  says  its  Mobility 
Group  last  year  received  the  largest  incre¬ 
mental  capital  outlay  of  any  division. 

Mobile  and  wireless  technology  also  is 
a  key  underpinning  of  Microsoft’s  .Net 
strategy,  which  promises  to  deliver  soft¬ 
ware  as  a  set  of  services  available  from 
any  device.  Microsoft  is  spending  $5  bil¬ 
lion  per  year  on  .Net  development. 

“Today,  if  you  look  at  wherever  we  men¬ 
tion  the  word  Web  and  replace  it  with  the 
word  mobile,  you  get  the  idea  of  what  we 


Seventy  percent  of  users  who 
access  data  over  a  wireless 
connection  are  in  small,  midsize 
and  large  businesses. 


business 


businesses 


business 


Consumer 


are  doing,”  says  David  Rasmussen,  lead 
product  manager  for  the  .Net  mobile 
developer  platform. “It’s  all  about  making 


mobility  mainstream,  making  everything 
accessible. You  can  use  exactly  the  same 
back  end  for  everything  from  desktop  to 
device.” 

Retooling  the  infrastructure 

On  the  infrastructure  side,  Microsoft 
made  a  major  strategy  shift  in  February, 
committing  to  deconstruct  its  stand-alone 
mobile  access  server,  Mobile  Information 
Server  2002,  and  distribute  its  pieces 
among  other  back-end  servers  starting  in 
early  2003. 

Six  months  before,  responsibility  for  MIS 
2002,  which  provides  secure  access  from 
wireless  devices  to  Exchange  e-mail  and 
Windows-based  applications,  switched 
from  the  Mobility  Group  to  the  .Net 
Platform  Group. 

That  group  is  putting  MIS  2002’s 

See  Wireless,  page  22 


3Com  pushes  Layer  4 
switching  to  wiring  closet 


■  BY  PHIL  HOCHMUTH 

3Com  last  week  released  a  new  work¬ 
group  switch  that  could  help  IT  shops  inter¬ 
ested  in  deploying  Layer  4  traffic  prioritiza¬ 
tion  right  now  or  in  the  near  future. 

SuperStack  3  Switch  4400  SE  could  be 
deployed  as  a  regular  Layer  2  Ethernet 
switch  for  connecting  desktops  to  a  LAN  or 
upgraded  to  a  Layer  4  switch  that  could  be 
used  to  enforce  business  polices,  such  as 
server  and  application  port  access. 

The  box  comes  with  24  ports  of  10/1 00M 
bit/sec  Ethernet  and  one  slot  for  a  fiber  or 
copper  Gigabit  Ethernet  uplink  port.  The 
switch  supports  standard  Layer  2  Ethernet 
virtual  LAN  and  traffic  prioritization  with 
802. 1 Q  and  802. 1  p,  respectively 

Up  to  eight  4400  SEs  can  be  linked  with 
stacking  modules,  which  let  the  stack  be 
managed  as  a  single  device  with  one  IP 
address.  Gigabit  uplink  ports  can  also  be 
trunked  into  one  virtual  pipe  —  as  fast  as 
8G  bit/sec  —  for  improved  uplink  speed 
and  resiliency 

With  a  Layer  4  software  upgrade,  the 
switch  can  be  used  to  enforce  policies 
based  on  Layer  4,  or  the  transport  layer,  of 


an  IP  packet.  Such  information  could 
include  User  Datagram  Protocol  (UDP)  or 
TCP  port.  Network  policies  based  on  Layer 
4  could  be  used  for  limiting  different  types 
of  traffic  on  specific  end-user  switch  ports, 
or  for  prioritizing  certain  packet  types, such 
as  database  or  application  server  traffic. 

3Com  says  that  enforcing  Layer  4  traffic 
rules  at  the  desktop  instead  of  the  LAN  dis¬ 
tribution  level  or  core,  which  is  a  common 
method,  could  help  alleviate  the  burden 
on  distribution  or  core  switches  and  possi¬ 
bly  improve  backbone  traffic  performance. 

The  SuperStack  3  4400SE  will  compete 
with  workgroup  switches  such  as  Cisco’s 
Catalyst  3500  series,  HP’s  ProCurve  2500 
series  switches  and  Foundry  Network’s 
Fastlron  stackable  switch. 

The  SuperStack  3  Switch  4400  SE  is  avail 
able  now  for  $1,300,  and  the  Layer  4  soft¬ 
ware  upgrade  will  be  available  this  quarter 
for  $500*  ■ 

High-Speed 
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Last  week  on  Network  World  Fusion,  I 
read  about  yet  another  “security  vul¬ 
nerability”  in  Windows  (“Windows 
NT/2000  hole  can  let  attacker  take  over 
systems,”  www.nwfusion.com,  DocFinder: 
8828).  What  the  headline  didn’t  say  is  that 
it’s  almost  impossible  to  exploit  this  prob¬ 
lem  over  a  network  —  you  have  to  be  run¬ 
ning  the  program  directly  on  the  system 
involved.  There’s  also  no  evidence  that 
anyone  actually  has  used  this  vulnerabil¬ 
ity  to  do  anything.  And  because  the  vul¬ 
nerability  puts  the  system  into  debugger 
mode,  the  user  just  might  notice  some¬ 
thing  is  happening. 

It’s  akin  to  warning  you  that  someone 


Security:  Take  a  deep  breath  and  count  to  10 


could  jump-start  your  car  while  it’s  sitting 
in  your  garage,  which,  while  true,  is  a  fairly 
remote  possibility  —  and  one  you’d  prob¬ 
ably  notice  while  it  was  occurring. 

Nevertheless,  it’s  symptomatic  of  the 
sort  of  headlines  anyone  can  grab  by 
claiming  to  discover  another  vulnerabil¬ 
ity  in  Windows. This  necessitates  that  en¬ 
gineers  who  might  more  profitably 
spend  their  time  working  on  the  next 
version  of  Windows  spend  a  few  days  or 
weeks  creating  a  patch  for  the  supposed 
exploit. This  is  followed  by  testing  of  the 
patch  to  be  sure  it  doesn’t  break  some 
other  part  of  the  operating  system  or 
interfere  with  major  software  packages 
that  might  be  installed. 

At  best  this  takes  time  and  money  to 
test  that  could  be  more  profitably  in¬ 
vested  in  getting  the  next  version  right. 
At  worst,  the  patch  turns  out  to  be  worse 
than  the  security  hole,  breaking  some 
necessary  functionality,  leading  to  a  new 
round  of  patch-writing  and  testing. 


While  1  don’t  wish  to  minimize  the 
amount  of  time  you  spend  making  sure 
your  network  is  secure,  it  is  necessary  to 
occasionally  step  back  and  ask  if  the  cost 
of  the  solution  is  more  than  the  cost  of  the 
problem. 

Take  the  recent  flap  about  SNMP  vul¬ 
nerabilities  (“CERT  warns  of  SNMP  vul¬ 
nerability  with  widespread  impact,” 
www.nwfusion.com,  DocFinder:  8829). 
While  a  denial-of-service  attack  is  a  hole 
that  should  be  closed,  for  the  most  part 
no  patch  is  required  —  just  good  man¬ 
agement  by  those  in  charge  of  the 
network. 

Nevertheless,  every  vendor  with  SNMP- 
enabled  products  needed  to  hold  meet¬ 
ings,  discuss  strategies,  write  press  re¬ 
leases  and  —  of  course  —  issue  patches. 
These  patches  mostly  don’t  close  holes 
but  simply  change  default  behavior  — 
something  any  self-respecting  network 
manager  already  should  have  done.  It’s 
your  network:  You  need  to  take  responsi¬ 


bility  for  how  it’s  set  up  and  how  it’s 
protected. 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired@ 
vquill.com. 


Tip  of  the  Week 


For  those  of  you  old  enough 
to  remember  NetWare  2.X 
you  most  likely  have  fond 
memories  of  Snipes,  the  ser¬ 
ver  console-based  "shoot 
'em  up"  game.  Good  news! 
There’s  now  a  Linux  version 
(www.nwfusion.com,  Doc¬ 
Finder:  8830)  —  only  single- 
user  right  now,  but  network 
support  is  promised. 


fcfc  Microsoft  is  now  becoming  a  force  in  the 
enterprise  mobile  market.  9  9 


Wireless 

continued  from  page  21 

Outlook  Mobile  Access  into  Ex¬ 
change  Server  and  tucking  the 
security  and  authentication  gate¬ 
way  into  Internet  Security  and 
Acceleration  Server  (ISA).  The 
group  also  plans  to  integrate  mo¬ 
bile  security  with  Active  Directory 
and  ultimately  Microsoft’s  Pass¬ 
port  authentication  service. 

“Bringing  wireless  into  the  core 
Exchange  functionality  makes 
sense,”  says  John  Prince,  core 
technology  manager  for  con¬ 
nectivity  at  energy  giant  Conoco. 
“But  we  have  some  concerns 
about  bringing  the  gateway  into 
ISA  because  we  don’t  think  it  has 
the  robustness  and  throughput  of 
a  high-end  firewall.”  But  Prince 


says  Microsoft  is  on  the  right 
track  with  its  infrastructure 
changes.“The  key  is  to  build  an 
application  once  and  access  it 
from  anywhere.” 

To  that  end, Microsoft  will  build 
into  the  next  version  of  SQL  Ser¬ 
ver,  code-named  Yukon,  mobile 
access  to  structured  and  un¬ 
structured  data.  That  comple¬ 
ments  last  year’s  release  of  SQL 
Server  CE,  which  lets  the  data¬ 
base  run  on  mobile  devices  and 
be  synchronized  wirelessly  to 
the  back  end. 

The  Yukon  technology  also  is 
the  foundation  for  a  new  uni¬ 
versal  file  system  being  built  for 
Windows.  And  Microsoft’s  Con¬ 
tent  Management  2000  server 
already  has  mobile  features 
built  in. 


Warren  Wilson 

analyst,  Summit  Strategies 

On  the  management  side,  Micro¬ 
soft  says  mobility  will  become  an 
extension  of  existing  server  man¬ 
agement,  and  mobile  applica¬ 
tions  will  be  administered  like 
Web  applications  are  today  The 
next  version  of  System  Manage¬ 
ment  Server,  code-named  Topaz,  is 
getting  mobile  client  features.The 
first  beta-test  version  is  due  this 
month. 

And  this  summer  the  company 
will  release  the  .Net  Compact 


Framework  for  Windows  CE,a  mo¬ 
bile  version  of  the  .Net  Framework 
run-time  environment,  which  lets 
Web  service  applications  run  atop 
the  .Net  platform. 

To  build  those  applications, 
Microsoft  released  in  February  its 
Mobile  Internet  Toolkit  as  part  of 
Visual  Studio.Net.  Rival  Sun  is 
countering  with  its  Java  2  Micro 
Edition  and  a  new  Mobile  Edition 
of  its  Forte  programming  tools. 

“When  Microsoft  moves  up¬ 
stream  from  providing  wireless 
e-mail  access  to  .Net  they  see  a 
broader  scope  for  content  deliv¬ 
er^’ says  Ken  Dulaney, an  analyst 
with  Gartner. 

He  says  Microsoft  is  exploiting 
XML  in  its  infrastructure  prod¬ 
ucts  and  its  ability  to  separate 
the  business  logic  from  the  pre¬ 
sentation  of  data.  “The  business 
logic  does  its  thing  and  pro¬ 
duces  output  in  XML  and  the 
presentation  layer  takes  the 
feed,  recognizes  the  device 
making  the  request,  and  deliv¬ 
ers  the  formatted  data  in  real 
time  or  by  store  and  forward.” 

Device  changes 

As  Microsoft  revamps  its  infra¬ 
structure,  it  is  pushing  hard  to 
align  its  PDA  and  phone  software 
and  enlist  its  partners  to  sell  the 
strategy 

In  March,  the  company  ap- 


QUIGKTAKE 


SMC's  971 2G  TigerChassis 


SMC  Networks  recently  released  a  chassis-based  switch  that  could  help  a  midsize  business  boost  its 
network  with  Layer  3  switching  and  Gigabit  Ethernet  without  busting  its  IT  budget. 

The  SMC  9712GTigerChassis  supports  Layer  2  and  Layer  3  switching  on  each  port  and  includes  802.1Q 
virtual  LAN  support  and  four  packet  classification  queues  for  traffic  prioritization.The  device  also  can 
act  as  a  full  hardware-based  router,  with  support  for  Routing  Information  Protocol  versions  1  and  2  and 
Open  Shortest  Path  First  routing  protocols.The  switch  also  can  be  managed  with  SNMP  and  remote 
monitoring  management  protocol. 

Speed:  24G  bit/sec  total  switching  capacity. 

Ports:  Up  to  96  10/100M  bit/sec  ports,  24  1000M 

bit/sec  ports  or  a  mix. 

Where  it  runs:  Midsize  network  core  or  high- 

density  wiring  closet. 

Competition:  3Com’s  Switch  4005,  Hewlett- 

Packard's  Procurve  Switch  4121A. 

Price:  $3,120 

Web  address:  www.smc.com 


pointed  12-year  Microsoft  veter¬ 
an  Pieter  Knook  to  head  a  new 
division  that  combines  the  for¬ 
mer  network  service  provider 
and  mobile  devices  group. 

He  is  charged  with  integrating 
Windows  CE  and  CE  .Net,  Pocket 
PC  2002  and  SmartPhone  2002 
operating  systems  with  the  over¬ 
all  mobile  strategy,  and  develop¬ 
ing  partnerships  with  service 
providers  to  push  the  technolo¬ 
gies  to  end  users  over  rivals  such 
as  PDA  leader  Palm  and  phone 
king  Nokia. 

According  to  Gartner,  Palm  has 
60%  of  the  handheld  market,  but 
only  a  third  of  that  in  the  enter¬ 
prise  market.  In  contrast,  Micro¬ 
soft  has  20%  of  the  market,  but 
80%  of  that  is  enterprise  sales. 
Palm  is  countering  with  messag¬ 
ing  and  database  servers  to  com¬ 
plement  its  devices. 

Microsoft  faces  a  different  chal¬ 
lenge  in  the  mobile  phone  mar¬ 
ket.  In  February, company  officials 
said  they  want  to  have  software 
on  100  million  mobile  phones  in 
the  next  three  to  five  years.  But 
today,  only  Samsung,  Mitsubishi 
and  Sendo  have  committed  to 
using  it.  ■ 
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How  can  you  connect  old 
systems  to  new?  Internal 
to  external?  Us  to  them? 

What  is  .NET  connected 
software?  Get  the  answers 
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before  the  questions  start 
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PACKET  DELIVERY:  Quality  of  service  in  the  enterprise. 


Bandwidth:  Quality  over  quantity? 


■  BY  TIM  GREENE 

There’s  been  lots  of  talk  about  quality  of  service  in 
LANs,  but  unless  you’re  running  voice,  video  or 
other  unforgiving  applications,  you  can  probably 
solve  congestion  by  simply  throwing  more  bandwidth  at 
the  problem. 

After  all,  according  to  IDC,the  average  worldwide 
price  of  a  Gigabit  Ethernet  switch  port  is  $531  —  with 
some  individual  prices  just  a  fraction  of  that  —  and  the 
cost  is  projected  to  continue  dropping  for  the  foresee 
able  future.  By  2006  the  average  price  per  port  will  be 
less  than  $200,  IDC  says. 

These  are  affordable  prices  for  many  companies,  espe 
dally  if  more  bandwidth  means  not  having  to  learn  the 
ins  and  outs  of  underlying  QoS  technologies  such  as 
802. IP  and  Q, Differentiated  Services  and  type  of  ser¬ 
vice.  These  factors  actually  make  it  attractive  to  avoid 
implementing  QoS  altogether  if  possible. 

“The  only  ones  that  I  see  turn¬ 
ing  on  QoS  in  the  LAN  are  those 
deploying  IP  telephony’ says 
Lawrence  Orans,  an  analyst  with 
Gartner.  And  even  some  of  those 
are  ducking  QoS. 

The  Auditor  General’s  office 
for  the  state  of  Arizona  has 
used  IP  telephony  for  225  users 
for  18  months  using  Cisco  gear 
without  QoS,  says  Joe  Moore, 
director  of  IT  services  for  the 
office.“We  just  wanted  to  try  the 
IP  voice  and  see  what  we’d 
have  to  do  about  QoS,”  Moore 
says.“So  far  we  haven’t  done 
anything,  and  we  haven’t  had 
any  major  concerns.”The  only 
problem  users  report  is  an 


called  Policy  View  with  OneTouch  that  simplifies  config¬ 
uration  of  QoS  for  common  applications.  Among  other 
features,  OneTouch  has  a  shortcut  for  voice  traffic  that 
requires  network  administrators  to  type  the  subnet  of 
the  IP  phones  into  a  field  to  set  up  voice-quality  service, 
and  that’s  it. The  software  automatically  chooses  the  sim¬ 
plest  method  to  deliver  the  best  possible  quality  of  ser¬ 
vice,  taking  into  consideration  the  capabilities  of  the 
switches  involved.  Users  don’t  have  to  worry  about  the 
underlying  technology 

Similarly,  Cisco  offers  Cluster  Management  Suite  to  sim¬ 
plify  setting  QoS,  Enterasys  Networks  sells  NetSight 
Policy  Manager  to  do  the  same,  and  Nortel  has  configu¬ 
ration  wizards  as  part  of  its  Optivity  Policy  Server. 

Users  need  these  policy  managers  because  para¬ 
meters  they  can  set  to  control  QoS  include 
source-destination  addresses,  protocol,  User 
Datagram  Protocol  (UDP)  or  TCP  port  number, 
virtual  LAN  ID.ethertype  values,  rate  limiting  and 


QoS  mechanisms 

Vendors  rely  on  a  variety  of 
underlying  technologies  to 
provide  quality  of  service: 


Defining  QoS 


Quality-of-service  technologies  are  intended  to  handle  what 
sheer  bandwidth  or  data-compression  techniques  cannot  — 
that  is,  guaranteed  timely  delivery  of  specific  application  data 
or  resources  to  a  particular  destination  or  destinations. 


QoS  advantages 

•  Guarantees  bandwidth  for  key 
applications  and  users. 

•  Can  put  off  the  need  for  faster 
network  infrastructure. 

•  Can  help  in  network  planning  by 
measuring  and  managing  traffic 
flow. 


QoS  disadvantages 

•  Management-software  packages 
are  a  must  to  avoid  complex 
configuration  challenges. 

•  Implementations  may  require 
swapping  out  some  old  gear. 

•  Can  create  political  problems  as 
battles  arise  over  who  gets  the 
good  QoS  and  who  controls  it. 


Where  will  QoS  have 
its  greatest  impact? 

Corporate  networks  using  voice 
over  IP  and  videoconferencing. 


Users  of  demanding  applications 
such  as  SAP. 


occasional  echo  on  the 
line,  and  he’s  not  sure 
QoS  would  solve  that. 

But  Orans  warns  that 
eventually  QoS  may  be 
needed. “It’s  like  playing 
Russian  roulette.  Five  times 
out  of  six,  you’re  going  to  be 
OK. Then  there  will  be  those  times 
when  there’s  a  lot  of  congestion  on  the  network  and 
someone  picks  up  the  phone,  and  they  get  inferior 
quality 

With  even  those  who  theoretically  need  it  the  most 
avoiding  QoS,  vendors  are  trying  to  make  the  technology 
more  inviting. Vendors  such  as  3Com,  Cisco  and  Alcatel 
include  QoS  technology  in  their  LAN  switches  at  no  extra 
cost,  giving  users  the  option  to  turn  it  on. They  also  are 
developing  QoS  management  software  —  available  at 
extra  cost  —  that  configures  service  quality  without  hav¬ 
ing  to  dig  into  switch-by-switch  configuration.This  soft¬ 
ware  lets  customers  set  service-quality  parameters  for  cer¬ 
tain  traffic  on  a  graphical  user  interface,  and  then  the  soft¬ 
ware  takes  over  to  configure  the  affected  switch  ports 
accordingly. 

Alcatel  next  month  will  ship  a  new  software  platform 


even  time  of  day.’Thafs  really  too 
much  for  the  average  user’’ says  John 
Mead,  Nortel’s  director  of  software  engi¬ 
neering  for  its  BayStack  products. 

“All  the  major  players  have  good  quality  of  service 
at  this  time,”  especially  those  that  that  sell  voice  and  data 
equipment,  such  as  Alcatel,  Avaya,  Cisco  and  Nortel, 
Orans  says.  Others,  such  as  Enterasys,  support  QoS  but 
don’t  sell  voice  gear  themselves,  he  says. 

In  some  environments,  network  executives  need  QoS 
because  their  end  users  will  find  a  way  to  eat  up  all 
bandwidth  no  matter  how  much  there  is. 

“You’re  always  going  to  consume  whatever  bandwidth 
you  have.  I  can  toss  meg[abit]  after  meg  after  meg  at  an 
[application], and  it  will  be  used  at  95%, "says  Brian 
Young,  CIO  at  Hobart  and  William  Smith  colleges  in 
Geneva,  N  Y  Increasingly  sophisticated  students  bring 
more  bandwidth-hungry  gear  to  campus  each  year,  he 
says,  so  he  needed  a  way  to  prioritize  who  gets  how 
much  bandwidth  when. To  do  this,  the  colleges  use 
Enterasys  gear. 


“We  can  crank  up  the  delivery  of  bandwidth  to  the 
academic  network  during  classes,  and  during  these 
times  turn  down  these  resources  to  the  residential  net¬ 
work.  When  classrooms  are  not  in  their  heavy-use  time, 
we  can  crank  up  the  residential  network, ’’Young  says. 
The  college  uses  videoconferencing  to  tie  a  remote 
author  in  to  talk  to  a  literature  class  and  earlier  this  year 
streamed  video  of  varsity  lacrosse  games. 

Young  says  learning  to  run  QoS  was  a  matter  of  his 
network  engineer  and  director  of  enterprise  systems 
each  taking  two  five-day  training  courses. 

Looking  to  the  future, Young  says  he  hopes  to  imple¬ 
ment  an  Enterasys  feature  called  User  Personalized 

Networking,  which 
deploys  QoS  to  users 
instead  of  ports.  Each 
end  user  is  assigned 
QoS  rights,  and  when 
they  authenticate  to 
the  network  their  QoS 
profile  is  imposed  on 
whatever  device  they 
log  on  from.  So  if  a 
user  worked  for  the 
day  from  a  desktop  in 
a  different  depart¬ 
ment,  that  desktop 
would  be  assigned  a 
QoS  profile  to  match 
the  user’s.  Nortel  says 
that  in  conjunction 
with  other  vendors,  it 
is  working  on  some¬ 
thing  similar  that  it 
plans  to  announce 
soon. 

Vendors  also  are 
looking  to  integrate 
this  user-linked  QoS 
with  wireless  net¬ 
working.  Nortel  says 
its  goal  is  for  users  to 
log  on  to  a  corporate  network  from  a  public  wireless  hot 
spot  and  get  their  traffic  handled  with  the  priority  they 
would  get  on  the  LAN.  Enterasys  says  it  has  designed  its 
QoS  scheme  to  evolve  to  include  wireless. 

Implementing  QoS  on  multivendor  networks  is  still 
down  the  road.  Despite  being  based  on  standards, QoS 
implementations  vary  from  vendor  to  vendor.  And  be¬ 
cause  QoS  involves  mapping  certain  QoS  fields  to  other 
QoS  fields,  interoperability  becomes  even  more  complex. 
So  at  the  moment,  users  pretty  much  have  to  use  one  ven¬ 
dor’s  gear  to  effectively  deploy  QoS,  Orans  says. “Among 
vendors,  we’re  not  seeing  a  lot  of  interest  in  interoperabili¬ 
ty  but  if  you  go  to  a  single  vendor, you’re  all  set,”  he  says. 

A  cooperative  effort  among  vendors  established  the 
QoS  Forum  in  1999,  but  the  group  seems  to  have  run  out 
of  gas.  Its  goal  was  “to  educate  the  market  and  facilitate 
deployment  of  QoS-enabled  IP  products  and  services."  It 
even  had  a  Web  site,  www.qosforum.com,  which  still 
exists  but  lacks  any  information  about  the  QoS  Forum. 
Advances  in  interoperability  will  have  to  come  from 
somewhere  else.  ■ 


IEEE  standards  802.1P  and  802.1Q 

•  Support  quality  of  service  at 
Layer  2. 

•  802.1  P  provides  for  eight  traffic 
classes  drawn  from  priority 
fields  in  802. IQ  VLAN  tags. 

Differentiated  Services 

•  Supports  quality  of  service  at 
Layer  3. 

•  Offers  up  to  64  priorities  of 
services. 

Type  of  service 

•  Supports  quality  of  service  at 
Layer  3. 

•  Supports  eight  levels  of  priority. 


separation  between  tomorrow’s  vision  and  today’s 
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Time  Warner:  Bandwidth  hogs,  pay  up! 

Cable  company  decides  heavy  bandwidth  users  will  pay  an  additional  monthly  fee. 


■  BY  MICHAEL  MARTIN 

The  all-you-can-eat  bandwidth  buffet 
that  cable  modem  users  enjoy  may  soon 


■  Despite  the  wide-scale  availability 
of  broadband  services,  the  majority  of 
U.S.  consumers  will  continue  to  ac¬ 
cess  the  Internet  via  dial-up  through 
2006,  according  to  the  recent  report 
“V.92-Broadening  Narrowband”  from 
ln-Stat/MDR.The  result  will  be  a  re¬ 
newed  interest  in  V.92  modems,  which 
let  users  make  a  phone  call  while  on¬ 
line,  and  offer  faster  connections  and 
upload  speeds.  While  only  11%  of  con¬ 
sumers  use  V.92  modems  today,  by 
2004,  In-Stat  predicts  V.92  modems  will 
account  for  100%  of  all  consumer  mo¬ 
dems  sold  in  the  U.S.  www.instat.com 

■  Harris  Corp.,  recently  announced 
a  version  of  its  STAT  Scanner  for 
small  offices.  A  vulnerability  assess¬ 
ment  tool,  STAT  Scanner  detects  and 
fixes  more  than  1,400  Windows  NT, 
2000  and  XP  security  vulnerabilities, 
and  checks  for  the  presence  of  the 
latest  software  patches  for  Windows 
operating  systems,  Outlook,  Media 
Player,  Internet  Information  Server 
and  Netscape  Communicator.  The 
product  costs  $99  per  PC  and  is  avail¬ 
able  from  www.softwareshelf.com. 

■  SMC  Networks  recently  an¬ 
nounced  the  Barricade  Plus 
Cable/DSL  Broadband  Router 

for  small  to  midsized  businesses.  The 
router  includes  a  four-port  10/100M 
bit/sec  switch  with  integrated  state¬ 
ful  packet  inspection  firewall,  and 
supports  five  Point-to-Point  Tunneling 
Protocol  and  IP  Security  VPN  tun¬ 
nels.  A  wireless  version  includes  an 
802.11b  access  point  and  three- port 
switch,  and  supports  roaming. 
Available  in  May,  the  routers  will  cost 
$159  and  $259,  respectively. 
www.smc.com 


come  to  an  end. 

Later  this  year,  Time  Warner  Cable  will 
begin  charging  users  a  fee  for  download¬ 
ing  more  than  a  monthly  limit.  The  com¬ 
pany  has  yet  to  release  specific  pricing 
changes. 

The  reason  behind  the  move?  Cable  mo¬ 
dem  hogs  cost  cable  companies  money. 
Their  networks  are  based  on  a  shared 
infrastructure  with  several  homes  or  busi¬ 
nesses  sharing  a  local  access  pipe.  If  one 
home  or  business  is  using  its  connection 
to  transfer  large  amounts  of  data,  perfor¬ 
mance  for  all  other  homes  or  businesses 
that  rely  on  the  same  access  pipe  is 
affected.  Ultimately,  to  ensure  better  per¬ 
formance  for  cable  modem  users  on  that 
portion  of  the  network,  the  cable  com¬ 
pany  has  to  segment  the  network  by  in¬ 
stalling  new  equipment. 

“Some  users  take  up  an  inordinate 
amount  of  bandwidth,” says  Mike  Luftman, 
a  spokesman  for  Time  Warner  Cable. 


Pricing  plans 

Here’s  how  three  major  cable  providers  stack  up  now  and  a  glance  at 
where  they’re  headed. 


Company 

Price 

Plans 

Time  Warner 

$44.95  per  month. 

To  charge  heavy  users  extra  later  this  year. 

Comcast 

$39.95  per  month;  $44.95 
with  modem  rental. 

No  impending  pricing  changes. 

Cox  Com- 

$34.95  per  month;  $49.95 

To  introduce  128K  bit/sec  symmetrical 

mnications 

with  modem  rental. 

services  later  this  year. 

“Anyone  staying  below  a  total  amount  of 
bits  moved  per  month  won’t  pay  more.  But 
if  you  consistently  go  over  the  limit, you’re 
going  to  have  to  pa/ 

Telework  programs  for  large  enterprise 
customers  won’t  likely  be  affected  be¬ 
cause  they’re  already  subject  to  special 
pricing  plans  handled  by  the  cable  com¬ 
panies’  business  divisions.  But  corporate 


teleworkers  for  smaller  companies,  who 
regularly  upload  and  download  large 
graphics  files,  for  instance,  stand  a  greater 
risk  of  being  affected  than  those  who  use 
their  cable  connection  mostly  for  e-mail. 

Unlike  some  restrictions  imposed  on 
cable  modem  users  in  the  past,  such  as 
not  letting  teleworkers  connect  to  their 
See  Bandwidth  hogs,  page  28 


Creating  a  safety  zone  for  home  nets 


■  BY  MIKE  AVERY 

Lately,  every  time  I’m  on  the  Internet,  1 
feel  like  a  target.  E-mail  viruses,  port 
scanners,  Web  pages  with  evil  software 
are  all  active  menaces.  Then  there’s  the 
endless  parade  of  marketers  trying  to 
harvest  my  e-mail  address  or  lure  me  to 
their  sites  with  pop-up  ads. 

So  when  Zone  Labs  re¬ 
cently  released  Version 
3.0  of  its  Zone  Alarm  Pro 
(ZAP)  security  product,  1 
was  eager  to  see  how  its 
protection  stacked  up 
against  that  of  the  corporate  firewalls  I’m 
accustomed  to.  I’m  happy  to  report  ZAP 
provides  strong  protection  on  several 
fronts  while  making  Web  browsing  more 
enjoyable. 

Zone  Labs  has  long  been  known  for  its 
free  Zone  Alarm  product.  The  company 
also  offers  a  professional  line  with 
enhanced  features  that  we  tested  via  a 
Web  site  download.  Installation  on  my 
Windows  98SE-based  PC  took  less  than  10 
minutes.The  program  defaulted  to  a  mod¬ 
erate  level  of  security,  and  carefully 
explained  each  option. 


ZAP  traps 

With  Zone  Alarm  Pro  on  the  prowl,  it 
immediately  detected  the  PC  was  on  my 
local  private  network  behind  a  firewall 
and  asked  whether  this  was  a  trusted  net¬ 
work.  From  then  on,  every  time  any  of  my 
programs  tried  to  access  the  network, 
ZAP  requested  approval.  You  may  not 
realize  how  often  programs  on  your  PC 
try  to  access  the  Web  with¬ 
out  your  knowledge  — 
when  you  register  an  appli¬ 
cation,  when  it  tries  to 
update  itself,  or  when  spy- 
ware  tries  to  send  your  per¬ 
sonal  information  to  its  home  base. 

Like  many  corporate  teleworkers,  I  con¬ 
nect  my  laptop  to  the  Web  through  a  vari¬ 
ety  of  connections.  In  my  home  office,  I 
use  our  test  lab’s  Ethernet  segment  con¬ 
nected  directly  to  the  Internet.  When  trav¬ 
eling,  1  connect  over  a  dial-up  connec¬ 
tion.  After  work,  1  connect  through  a 
home  gateway.  ZAP  immediately  detected 
each  new  network  and  asked  questions 
about  the  connection. 

When  programs  tried  to  communicate  in 
unusual  ways,  ZAP  clued  me  in.  Every  time 
I  started  the  network  troubleshooting  tool 


Custom  Privacy  Sellings 


Customize  cookie  control  for  ell  future  Web  sites  >ou  visit 


Session  Cookies - \ 

ri ss*  session  cocides 

.'Persistent  Cookies-  ■  s. 

(  P  Bloc<  persistent  cookie? 

/•3rd  Party  Cookies - v 

17  Bloc<  3rd  parte  cookies 
|7  Disaole  web  bugs 
17  R*rmvp 

."Cookie  Expiration - 

V  Expne  cookie? 

IwnedscV  alter  receipt 

(*  Artei  n  days 

/Privity  Ad  -  :  :  - V 

The  Privacy  Adsowi  nfoims  you  when  privacy  sellings  rtetfwe 
wilh  a  WsbsAe  yoc  are  vising. 

|7  Show  Privacy  Advisor 

(Reset  ~o  Qtjfauk] 


I  OK  (P  Cancel  ~H  ] 

. .  .  ..  _ < _ 

Crisp,  clean  and  easy  to  understand,  the  ad- 
blocking  control  screen  in  ZAP  makes  it  easy 
to  control  what  appears  on  your  browser. 

Network  Instruments  Link  Analyst, ZAP  told 
me  the  program  had  tried  to  access  an  IP 
address  at  Pbrt  60551.  This  suspicious 
behavior  turned  out  to  be  benign  —  just 

See  Zone  Alarm,  page  28 
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Firewall  program  aims  to  protect  remote  offices 


The  firewall  market  is  a  pretty  wild 
and  wooly  place.  You’ve  got  hard¬ 
ware  and  software  products  target¬ 
ing  big  companies  and  small, being  built 
into  routers  and  gateways,  and  gunning 
for  consumers’  desktops.  Just  as  confus¬ 
ing  is  the  variety  of  technologies  in  play. 
Do  you  want  a  proxy  firewall;  a  network 
address  translation  firewall;  one  that 
employs  stateful  packet  inspection? 

Until  now,  the  International  Computer 
Security  Association  (ICSA)  Labs  firewall 
certification  program  has  used  a  one- 


size-fits-all  set  of  criteria  to  test  the  secu¬ 
rity  of  firewall  devices.  As  a  result,  some 
lower-end  products  have  gone  uncerti¬ 
fied,  leaving  small-office  workers  and 
consumers  to  scratch  their  heads  over 
technical  jargon,  weigh  marketing  hype 
and  worry  whether  their  networks  are 
suitably  protected. 

The  good  news  is  ICSA  Labs  is  about  to 
unveil  Version  4.0  of  the  certification 
program,  which  addresses  the  changing 
market.  A  two-step  process,  4.0  certifica¬ 
tion  requires  a  product  to  pass  a  base¬ 
line  set  of  criteria,  and  also  be  tested 
against  its  target  audience  and  the  char¬ 
acteristics  of  the  networks  involved. 
Vendors  must  be  tested  in  either  the  res¬ 
idential/consumer,  small  office/branch 
office/teleworker,  or  traditional  corpo¬ 
rate  categories. 

In  the  residential/consumer  environ¬ 


ment,  the  idea  is  “to  protect  users  who 
don’t  know  what  a  firewall  is  but  think 
it’s  a  good  idea  to  have  one,”  says  A1 
Potter,  manager  of  ICSA's  network  secu¬ 
rity  lab.  To  pass  the  test,  the  firewall 
device  must  be  easy  to  configure,  and 
safe  by  default.  It  needn’t  support  in¬ 
bound  services  or  include  remote  man¬ 
agement  features. 

In  the  second  category,  the  firewall 
device  sits  in  the  home  office  or  branch 
office  and  is  managed  remotely  by  an  IT 
administrator  in  the  corporate  office. 
Such  a  device  must  be  connected  and 
administered  from  the  public  side  of  the 
firewall  through  an  encrypted  channel, 
and  should  allow  for  some  inbound  ser¬ 
vices  to  an  e-mail  and  Web  server.  The 
third  category  is  a  traditional  corporate 
firewall,  the  criteria  of  which  remains  rel¬ 
atively  unchanged. 


“We  shaped  these  categories  to  reflect 
the  way  they’re  being  used,”  Potter  says. 
“We  each  asked  ourselves:  How  do  I 
configure  my  firewall?  The  answer  is,  I 
allow  everything  out  but  nothing  back 
in.  That’s  fine  at  home  but  not  for  the 
enterprise.” 

Other  activity  at  ICSA  Labs  includes  the 
development  of  a  new  host-based  firewall 
program  for  certifying  desktop  firewalls. 
This  too  will  include  separate  modules 
targeting  the  corporate  market  and  con¬ 
sumer  markets. 

Potter  says  the  Labs  will  turn  its  attention 
later  down  the  road  to  developing  a  mod¬ 
ule  for  measuring  firewall  performance. 
“Four  or  five  years  ago,  the  focus  was  on 
security,  then  on  features.  Now  that  these 
are  a  given,  performance  will  become  the 
primary  interest,”  adds  firewall  programs 
manager  Brian  Monkman. 


Zone  Alarm, 

continued  from  page  27 

the  way  Link  Analyst  determines  its  IP  ad¬ 
dress  for  building  network  maps.  But  I  felt 
reassured  that  ZAP  trapped  it. 

To  check  out  how  well  ZAP  hid  my  PC 
from  port  scanners  and  other  would-be 


More  online! 


For  an  expanded  version  of  this  review,  head  to 
Net.Worker  online. 
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spies,  I  tried  the  Leak  Test  at  Gibson  Re¬ 
search  Center  (http://grc.com/lt/leaktest 
.htm).  Leak  Test  tries  to  get  out  through  a 
firewall  the  same  way  a  Trojan  horse  pro¬ 
gram  would.  ZAP  stopped  it  cold. To  do  a 
port  scan  on  the  PC,  I  used  IpSwitch’s 
network  monitoring/diagnostic  program 
called  What’s  Up  Gold.  ZAP  shut  down  the 
first  64,000  port  addresses,  ensuring  my 
PC  was  safe  from  attack. 

New  to  Version  3.0  is  the  ability  to  stop 
malicious  e-mail.  Zone  Alarm  does  this  by 
quarantining  e-mail  that  includes  exe¬ 
cutable  attachments.  I  tested  this  feature 
using  Pegasus  Mail  for  Windows,  which  I 
consider  much  more  secure  than  Micro¬ 
soft  Outlook.  When  I  sent  myself  exe¬ 
cutable  attachments,  they  were  quaran¬ 
tined,  and  I  had  to  answer  several  ques¬ 
tions  before  I  could  execute  the  attach¬ 
ments.  This  feature  alone  should  all  but 
eliminate  Microsoft  e-mail  viruses. 


Stress-free  surfing 

ZAP  also  made  good  on  its  promise  to 
improve  my  Web  surfing  —  controlling 
pop-up  ads,  cookies  and  banner  advertis¬ 
ing.  While  ZAP  removed  all  pop-up  ads  and 
kept  my  identity  hidden,  the  cookie  man¬ 
ager  doesn’t  let  you  permit  cookies  on  one 
site  but  not  another.  The  feature  for  con¬ 
trolling  banner  advertising  was  better.  It  let 
me  turn  off  banner  ads  altogether,  drop  the 


Bandwidth  hogs 

continued  from  page  27 

businesses  via  VPNs,  the  bandwidth  limits 
are  not  aimed  solely  at  business  users.  But 
in  some  cases,  the  restrictions  could  make 
cable  access  a  more  expensive  proposition 
than  companies  had  expected. 

While  charging  heavy  cable  modem  us¬ 
ers  more  per  month  may  drive  some  of 
them  to  other  access  methods,  such  as 
DSL,  that’s  not  necessarily  a  bad  thing  for 
cable  providers,  says  Matthew  Davis,  an 
analyst  with  The  Yankee  Group. 

Heavy  users  cost  the  cable  companies  a 
lot  of  money  by  forcing  them  to  make  net¬ 
work  changes,  and  it’s  not  necessarily 
worthwhile  for  the  providers  to  keep  the 
heavy  users  happy,  Davis  says.  The  cable 
providers  will  likely  ensure  that  the  addi¬ 
tional  charges  aren’t  large  enough  to 
drive  away  droves  of  users,  he  adds. 

Any  pricing  scheme  the  cable  providers 
come  up  with  is  unlikely  to  deter  tele¬ 
work  programs  from  continuing  to  rely 
on  cable  modem  access,  says  Dana  Tar- 
delli,  an  analyst  with  Aberdeen  Group.“If 
it’s  $40,  $50,  $60  or  $70  per  month,  it 
shouldn’t  matter  because  access  is  ac¬ 
cess  and  the  job  still  needs  to  get  done," 
he  says.“If  they  doubled  the  price.it  might 
be  a  problem,  but  I  doubt  they’d  do  any¬ 
thing  that  drastic.” 

While  Comcast  and  Cox  Communica¬ 
tions  each  say  they  have  no  immediate 
plans  to  follow  Time  Warner’s  lead,  now 
that  technology  that  lets  providers  moni¬ 
tor  network  usage  is  available,  it  may  be 
only  a  matter  of  time  before  they  too 


ads  that  take  a  long  time  to  load, or  replace 
such  ads  with  a  clickable  box  you  can 
open  if  you  want  to  see  the  ad. 

Last,  1  uninstalled  ZAP  to  ensure  that  it 
left  nothing  unpleasant  behind.  The 
uninstall  was  clean,  and  my  PC  worked 
well  afterwards.  But  as  soon  as  testing 
was  done,  I  quickly  reinstalled  it.  ZAP  is 
staying  on  my  computer  until  1  find 
something  better  to  take  its  place.  ■ 


move  to  a  usage-based  system.  Another 
sign  of  things  to  come:  Cox  has  begun 
user  trials  of  a  tiered  service  for  which 
customers  pay  more  for  guaranteed  128K 
bit/sec  symmetrical  speeds,  says  spokes¬ 
woman  Amy  Cohn. 

In  moving  to  a  tiered  pricing  model,  Cox 
is  following  in  the  footsteps  of  DSL 
providers. 

Most  DSL  providers  offer  a  variety  of  ser¬ 
vices.  Consumer-class  offerings  typically 
provide  download  speeds  of  up  to  384K 
bit/sec  and  upload  speeds  of  up  to  128K 
bit/sec  with  no  service-level  agreements 
(SLA).  But  DSL  providers  also  offer  busi¬ 
ness-class  services,  with  symmetrical 
speeds,  some  SLAs  and  enhanced  cus¬ 
tomer  support  at  a  premium  price. 

DSL  providers  seem  happy  with  their 
tiered  approach  and  have  no  imminent 
plans  to  introduce  usage-based  pricing. 
F’art  of  the  reason  may  be  that  DSL  net¬ 
works  are  less  susceptible  to  bandwidth 
hogs  than  cable  networks.  DSL  connec¬ 
tions  are  dedicated  until  they  hit  the  DSL 
access  multiplexer  (DSLAM)  at  the  local 
central  office.  But  bandwidth  hogs  could 
still  affect  performance  for  other  DSL  users 
on  the  same  DSLAM  if  the  connection 
from  back  into  a  service  provider’s  Internet 
point  of  presence  was  not  large  enough. 

Another  reason  DSL  providers  may  not 
yet  be  looking  at  usage-based  billing  is 
because  “they  are  more  focused  on  trou¬ 
bleshooting  their  networks,”  Davis  says. 
Ultimately,  though,  Davis  says  he  thinks 
DSL  providers  will  move  down  the  same 
path  as  cable  providers  and  begin  to 
charge  heavy  users  extra.  ■ 


Net  Results 


Zone  Alarm  Pro  3.0 

Company:  Zone  Labs,  (415)  341-8200  Cost:  from  $49.95. 
Pros:  Easy  installation,  good  security,  enhanced  surfing. 
Cons:  Limited  control  of  cookies. 

RATING 


What’s  the  score? 

Zone  Alarm  3.0 

Security  40% 

5.0 

Ease  of  use  30% 

4.0 

Installation  30% 

5.0 

TOTAL  SCORE 

4.7 

Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence)  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 
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■  Extending  the  availability  of  its 
business  applications  beyond  the 
desktop,  IBM  last  week  announced 
WebSphere  Everyplace  Access. 

The  software  lets  companies  add 
handheld  computers,  mobile  phones 
and  other  mobile  devices  to  the  list  of 
clients  that  can  access  applications, 
all  under  a  single  IT  architecture,  IBM 
says.  WebSphere  Everyplace  Access 
includes  a  client  component  and  sup¬ 
ports  features  such  as  synchroniza¬ 
tion.  It  extends  the  use  of  applica¬ 
tions  from  IBM,  such  as  WebSphere 
Application  Server  and  the  DB2 
database,  and  software  from  IBM 
subsidiaries  Tivoli  Systems  and  Lotus. 
Pricing  was  not  available,  www. 
ibm.com 

■  Jive  Software  is  retooling  its  dis¬ 
cussion  forums  collaboration  soft¬ 
ware  to  support  clustering  and  tout 
the  program's  ability  to  integrate 
with  other  systems  using  its  available 
source  code.  Version  2.5  of  Jive 
Forums,  announced  last  week,  fea¬ 
tures  a  module  that  lets  enterprise 
customers  run  the  software  in  a 
clustered  environment  to  improve 
performance  and  ensure  fault  toler¬ 
ance.  The  software  costs  $6,900  per 
server  for  the  enterprise  version. 

Each  additional  server  is  $2,300, 
including  basic  support  and  mainte¬ 
nance.  www.jivesoftware.com 

■  Palm  extended  its  foray  into  the 
corporate  software  market  last 
week  with  the  introduction  of  a  new 
product  aimed  at  corporate  soft¬ 
ware  developers  and  system  inte¬ 
grators  who  want  to  create  wireless 
applications  that  can  access  com¬ 
pany  databases  in  real  time.  Palm’s 
new  Wireless  Database  Access 
Server  lets  customers  create  cus¬ 
tomized  wireless  applications  using 
Integrated  Development  Environ¬ 
ments  such  as  AppForge  and  Metro- 
werks’  CodeWarrior.  The  applica¬ 
tions  can  access  information  in 
company  databases  in  real  time. 

The  company  did  not  reveal  pricing 
for  the  products,  www.palm.com 


Gupta  touts  Web  services 

Umang  Gupta  has  a  unique  per¬ 
spective  on  the  network  industry, 
having  been  at  the  forefront  of  the 
client/server  application  market  as 
the  founder  of  Gupta  ( now  Centra 
Software j  and  now  as  CEO  of 
Keynote  Systems,  a  company  best 


known  for  its  Web  site  performance  and  benchmark 
services.  He  spoke  recently  with  Network  World 
News  Editor  Bob  Brown  about  the  future  of  Web- 
based  applications  and  the  Internet  itself. 

What’s  your  take  on  Web  services? 

Long  term,  they  are  a  logical  way  for  the  world  to  go  for 
a  large  class  of  applications,  especially  consumer-facing 
applications,  but  even  interorganizational  ones.  How 
close  they  are  is  a  different  matter. There  is  a  class  of  Web 
services  we  know  are  coming  from  Microsoft  —  Passport 
is  a  classic  example  that’s  already  here.  How  they  emerge 
from  everyone  else  has  only  partly  to  do  with  the  tech¬ 
nology  A  lot  of  it  has  to  do  with  the  right  business  cli¬ 
mate.  The  analogy  I  would  use  was  the  original  introduc¬ 
tion  of  Windows  in  the  early  ’90s.  People  often  wondered 
what  applications  would  emerge  under  Windows  to 
replace  the  old  character-mode  applications,  and  while 
the  initial  applications  were  the  classic  spreadsheets  and 
word  processors,  today  of  course  there  are  thousands  of 
[graphical  user  interface] -based  applications. The  same 


level  of  unleashed  creativity  is  going  to  determine  how 
big  Web  services  finally  get.  Once  the  general  technology, 
standards  and  [software  development  kits]  are  available 
for  people  to  build  new  classes  of  Web  services,  they  will 
be  everywhere. 

Is  this  going  to  come  down  to  another  Windows  vs.  Java  battle? 

Ultimately  it  will  end  up  being  a  form  of  a  standards 
battle,  but  the  bigger  question  is  not  Java  vs.  the  Windows 
platform. The  bigger  question  will  wind  up  being  desk¬ 
tops  vs.  devices. 

How  so? 

The  desktop  battle  is  over,  and  the  winner  is  Windows 
regardless  of  what  happens  with  the  antitrust  cases.  What¬ 
ever  Microsoft  offers,  whether  it’s  [Internet  Explorer]  with 
or  without  Java,  that’s  what’s  going  to  dominate  on  the 
desktop.  But  to  the  extent  that  desktops  themselves  over 
time  will  end  up  being  replaced  or  augmented  by  other 
devices,  the  battle  is  far  from  over  as  to  what  platform 
software  will  sit  on  these  devices.  If  it’s  a  phone  it  could 
very  well  be  based  on  Java,  Microsoft  or  even  Nokia  stuff. 
If  it’s  a  PDA  it  could  be  a  Windows  platform.  But  Java 
could  have  a  shot  also.  Web  services  ultimately  will  suc¬ 
ceed  because  there’s  a  class  of  things  people  want  to  do 
with  devices  that  are  much  better  done  with  Web  ser¬ 
vices  than  with  software  sitting  on  their  devices.  Location 
services  for  wireless  are  a  very  logical  Web  service.  So  I 
don’t  think  in  that  particular  case  it’s  necessarily  going  to 

See  Gupta,  page  32 


Instant  messaging  takes  linancial'  twist 


■  BY  CAROLYN  DUFFY  MARSAN 

Eight  of  the  nation’s  largest  financial  insti¬ 
tutions  are  deploying  a  specialized,  secure 
instant-messaging  service  from 
start-up  Communicator,  Inc., 
which  also  operates  the  Bond- 
Hub  and  SyndicateHub  infor¬ 
mation  portals  for  financial  ser¬ 
vices  companies. 

Communicator,  Inc.  will  an¬ 
nounce  the  financial  institution 
deals  this  week.  It  represents  one 
of  the  largest-ever  corporate  uses 
of  instant-messaging  technology 

The  service,  dubbed  Hub  1M, 
has  several  thousand  users  from 
Wall  Street  stalwarts  such  as 
Credit  Suisse  First  Boston, 


Goldman  Sachs, J.PMorgan  Chase, Lehman 
Brothers,  Merrill  Lynch,  Morgan  Stanley, 
Salomon  Smith  Barney  and  UBS  Warburg. 
“We  have  signed  up  the  eight  largest 


financial  institutions  and  banks,  and  now 
they  are  deploying  the  system  to  all  of  their 
institutional  employees  and  customers," 
says  Leo  Schlinkert,  president  of  Com¬ 
municator,  Inc.  “That  will  be 
[more  than]  2,000  companies, 
with  a  starting  user  base  and 
address  book  of  about  30,000 
users.” 

Hub  IM  uses  what’s  called  a 
federated  directory  system  that 
lets  the  financial  institutions  — 
not  Communicator,  Inc.  or  indi¬ 
vidual  users  —  control  who  has 
access  to  the  service.  So  each 
firm  controls  its  own  directory 
system,  while  being  part  of  a  larg¬ 
er  directory.  With  rival  instant- 
See  Communicator,  page  32 
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Hub  IM,  secure  instant-messaging  service. 


Leo  Schlinkert,  formerly  a  managing  director 
at  Salomon  Smith  Barney. 

Privately  held,  self-funded.  FY  2001  revenue: 
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At  some  level  it  might  sound  reason¬ 
able  to  stick  some  magic  hardware 
and  software  in  every  computer  to 
protect  copyrighted  material.  At  least  it 
seems  to  sound  reasonable  to  politicians 
who  I  expect  don’t  actually  use  computers. 
But,  to  someone  who  is  not  so  far  into  the 
copyright  industry  that  I’ve  lost  all  periph¬ 
eral  vision,  this  seems  like  a  very  bad  idea. 

Sen.  Ernest  Hollings  (D-S.C.),on  behalf  of 
at  least  a  few  of  the  people  he  supposedly 
was  elected  to  represent,  recently  intro¬ 
duced  the  misleadingly  titled  “Consumer 
Broadband  and  Digital  Television  Pro¬ 
motion  Act”  (Search  for  S.  2048  at 


Protecting  PCs  from  being  useful 


http://thomas.loc.gov/).  This  bill,  if  passed 
and  signed,  would  mandate  that  all  “digital 
media  devices”  sold  across  state  lines  in 
the  U.S.  would  have  to  include  a  “secure 
technical  means  of  implementing  direc¬ 
tions  of  copyright  owners  for  copyrighted 
works.” 

It  also  would  be  illegal  to  “knowingly 
remove  or  alter  any  standard  technology 
in  a  digital  media  device  lawfully  trans¬ 
ported  in  interstate  commerce.”  For  the 
purposes  of  this  legislation,  the  term  “digi¬ 
tal  media  device”  means  any  hardware  or 
software  that  reproduces  copyrighted 
works  in  digital  form  or  converts  copy¬ 
righted  works  in  digital  form  into  a  form 
whereby  the  images  and  sounds  are  visi¬ 
ble  or  audible.  This  would  include  your 
iPod  MP3  player,  your  desktop  or  laptop 
computer,  corporate  IBM  mainframes,  TV 
sets,  satellite  receivers,  your  new 
microwave  oven, your  kid’s  new  GameBoy 
and  just  about  any  other  piece  of  elec¬ 


tronic  gadgetry  you  can  imagine. 

It  is  hard  to  know  where  to  start  when 
talking  about  what  is  wrong  with  this  idea. 
But  1  will  not  begin  by  saying  that  copyright 
is  a  bad  concept.The  idea  of  copyright  is  in 
the  U.S.  Constitution  —  it  protects  me  as  an 
author  and  you  as  a  consumer  because 
you  have  more  things  to  consume  because 
the  producers  —  me,  fellow  Network  World 
columnist  Mark  Gibbs  and  Walt  Disney  — 
are  better  motivated  to  produce.  But  it  does 
not  follow  that  the  only  goal  of  civilization 
should  be  to  protect  copyright. 

The  main  usefulness  of  computers 
comes  from  the  fact  that  we  do  not  have  to 
decide  how  they  are  to  be  used  when  they 
are  built.They  are  general-purpose  devices. 
People  can  come  up  with  new  applica¬ 
tions  long  after  the  boxes  have  been 
shipped,  and  anything  that  reduces  this 
flexibility  of  use  inhibits  future  innovation. 
Requiring  that  all  computing  hardware 
include,  and  be  forced  to  use,  any  specific 
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favor  Java  or  Windows.  It’ll  depend  on  who’s  got  the  best 
devices  and  services. 

How  will  devices  actually  handle  these  potentially  complex  Web 
services? 

We  went  from  a  client/server 
world,  which  was  largely  a  thick 
client  and  a  thin  server  world,  to 
the  Internet  world,  which  allows 
you  to  build  around  a  thick  server 
in  thin  client  mode,  even  with  disk¬ 
less  devices.  With  the  next  genera¬ 
tion  of  devices  and  Web  services, 
we’ll  be  talking  about  thick  clients 
and  servers.  On  the  server  side, 
there  will  be  a  lot  more  intelligence 
needed  to  drive  these  Web  services, 
but  on  the  client  side  you’re  going 
to  need  some  pretty  smart  software 
—  browser  software,  device  [user 
interface]  software  or  what  have 
you  —  that  is  capable  of  integrating 
data  from  multiple  Web  services  and  still  presenting  it  logi¬ 
cally  to  the  client.These  browsers  themselves  are  going  to 
have  to  get  much  smarter. . .  .We’re  already  seeing  that  with 
[Internet  Explorer]. 

How  should  network  executives  prepare  for  Web 
services? 

Everybody’s  going  to  have  to  be  making 
changes  constantly.  It’s  not  going  to  be  a 
one-time  revolutionary  thing.The  big 
changes  on  the  client  side  will  end  up  com¬ 
ing  from  a  vendor  like  Microsoft  with  a  new 
version  of  its  browser  or  device  vendors 
that  will  integrate  thicker  browsers  into  their 
[user  interface]  software.  On  the  server  side, 
people  will  have  to  choose  sides  1  suspect.  If 
you  re  buying  NT  servers  and  standardizing 


on  them,  my  guess  is  you’ll  wind  up  with  a  lot  of  Microsoft 
standard  services.  If  on  the  other  hand  you’re  buying 
Solaris  or  IBM  or  any  of  the  other  platforms  that  are  poten¬ 
tially  more  scalable,  you  may  get  a  different  class  of  Web 
services.  All  the  discussion  about  all  of  these  companies 
working  together  is  encouraging,  but  the  devil  is  in  the 
detail.  We’ve  all  heard  the  talk  of  cooperation  on  stan¬ 
dards  for  Unix  for  many  years  and  we  know  how  many 
variations  of  Unix  exist. 

What  is  affecting  Internet  or  Web  performance  these  days? 

At  a  high  level,  it  usually  comes  down  to  one  of  two  things. 
Either  the  application  is  not  well-constructed  or  it’s  not  well- 

connected. What 
we’ve  found  over 
the  last  few  years  is 
there  was  a  large  set 
of  connection 
issues,  so  that  you 
didn’t  even  know  if 
you  had  application 
construction  prob¬ 
lems.  Four  or  five 
years  ago,  people 
were  largely  con¬ 
cerned  with  issues 
such  as:  Do  I  have 
the  right  bandwidth 
supplier  or  Web  hosting  supplier?  Today  though,  this  is  less  an 
issue  because  customers  are  smarter  about  choosing  the  right 
vendors  and  because  of  the  consolidation  in  the  industry  that 
has  resulted  in  fewer  but  bigger  and  more  reli¬ 
able  players  offering  these  services.  Now  there 
are  more  issues  emerging  at  the  application 
level  [and  Keynote  is  evolving  its  product  line 
to  address  such  things  as  application-level  per¬ 
formance  and  diagnostics] . 

Are  content  delivery  networks  having  much  of  a 
positive  impact  on  Internet  performance? 

In  general  they  work  well  for  static  data.  I’m 
not  convinced,  however,  that’s  good  enough. 
Most  sites  are  90%  dynamic  and  10%  static, 
and  over  time  they’ll  be  99%  dynamic  and  1% 
static  ■ 


fc  I  There's  a  class  of  things 
people  want  to  do  with 
devices  that  are  much  bet¬ 
ter  done  with  Web  services  than  with 
software  sitting  on  their  devices.  19 
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function,  copyright  protection  or  whatever, 
means  that  there  are  restrictions  to  future 
uses. 

Under  the  restrictions  of  the  Digital 
Millennium  Copyright  Act.it  will  be  almost 
impossible  to  come  up  with  a  reliable 
scheme  because  any  discussion  of  flaws  in 
a  proposal  could  be  prosecuted. 

Copyrighted  materials  need  protection, 
but  it  should  not  be  at  the  expense  of  the 
technical  flexibility  that  has  been  the  most 
important  driver  of  our  economy  during 
the  last  20  years  —  particularly  because 
the  solution  would  not  actually  work. 

Disclaimer:  Harvard  has  trained  lawyers 
on  all  sides  in  this  fight  (a  good  way  to 
ensure  the  need  for  more  lawyers).  But 
none  of  them  advised  me  in  forming  my 
opinion. 

Bradner  is  a  consultant  with  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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messaging  services,  such  as  AOL’s  Instant 
Messenger,  the  service  provider  controls 
the  entire  directory 

Hub  IM  supports  Lightweight  Directory 
Access  Protocol  and  integrates  with  lead¬ 
ing  directory  products  from  Microsoft, 
Novell,  Sun  and  others.  Directory  informa¬ 
tion  is  exchanged  in  real  time  between  the 
Hub  IM  service  and  the  participating 
financial  institutions. 

From  a  security  perspective,  Hub  IM  fea¬ 
tures  password  protection  and  automati¬ 
cally  encrypts  messages  end-to-end.  The 
service  also  guarantees  message  delivery. 

Hub  IM  complies  with  the  regulatory 
requirements  of  the  National  Association 
of  Securities  Dealers  and  the  Securities 
and  Exchange  Commission  regarding  the 
retention  of  instant  messages. 

The  service  works  with  PC,  Unix  worksta¬ 
tion  and  Apple  Macintosh,  and  it  can  be 
accessed  remotely  over  a  Web  browser. 

From  a  user’s  perspective.  Hub  IM  pro¬ 
vides  an  open  address  book  that  lets  users 
easily  contact  any  of  the  30,000  people 
currently  listed  without  knowing  their 
screen  names  or  e-mail  addresses.  It  also 
authenticates  people.so  users  can  be  con¬ 
fident  they  are  sending  an  instant  message 
to  the  appropriate  person. 

“Hub  IM  is  real.  It’s  out  of  pilot  mode.  We 
have  thousands  of  seats  among  dealers, 
and  it’s  available  to  thousands  of  their  cus¬ 
tomers,"  says  Gary  Reifman,  product  man¬ 
ager  for  Hub  IM.  'Tens  of  thousands  of  mes¬ 
sages  are  going  across  the  service  each 
day  We  have  one-to-one  conversations  as 
well  as  many-to-many  or  meeting-style 
conversations.” 

Communicator,  Inc.  did  not  reveal  the 
terms  of  its  deal  with  the  eight  financial 
institutions.  However,  the  managed  ser¬ 
vice  sells  for  $50  per  year,  per  user. 

Communicator,  Inc:  www.communica 
torinc.com 


■  WIRELESS  ■  REGULATORY  AFFAIRS 


Infonet's  Collazo  talks 
of  weathering  the  storm 


Infonet  CEO  Jose  Collazo  recently  spoke  with 
Network  World  Senior  Editor  Denise  Pappalardo 
about  his  company's  financial  position  and  how 
longtime  carriers  have  a  better  chance  of  surviving 
in  this  slow  economic  market.  Infonet  is  one  of  the 
largest  multinational  telecom  service  providers,  with 
a  network  that  spans  180  countries  and  3,330  cities. 
While  Infonet's  revenue  of  $660  million  in  2001  was 
far  less  than  its  two  main  competitors’ —  WorldCom 
with  $35.2  billion  and  Equant  with  $3. 1  billion  — 
IDC  says  Infonet  holds  a  strong  position  as  one  of 


the  leading  global  carriers. 

Many  service  providers  are  suffering  financially.  How  is  Infonet  faring? 

Infonet  is  very  fortunate  because  we’re  not  involved  in  the  financial  troubles 
that  most  of  the  new  entrants  in  the  telecom  space  have  found  themselves. 
You  have  to  divide  the  telecom  space  into  two  groups:  the  new  guys  and 
those  that  have  been  around  for  many  years.  A  lot  of  these  new  players  are 
going  away  and  the  competitive  market  will  look  like  it  did  four  or  five  years 
ago.  In  our  case,  we  have  $500  million  in  the  bank  with  $100  million  in  debt. 
We’re  close  to  being  cash  positive. 

What  percent  of  Infonet's  revenue  comes  from  voice  and  traditional  data  such  as 
frame  and  IP  services? 

Voice  service  revenue  is  less  than  3%  of  our  overall  revenue.  A  large  por¬ 
tion  of  our  revenue  is  based  on  IP  services  because  we  have  more  than  1,000 
IP  VPNs  running  today.  However,  because  these  VPNs  normally  run  together 
with  legacy  applications,  they  run  over  our  frame  relay  networks.  We  have  IP 
routers  running  over  our  frame  infrastructure,  and  we  manage  it  end  to  end. 
We  don’t  break  down  revenue  based  on  data  service  type;  we  look  at  it  as 
data  revenue. 


See  Collazo,  page  34 


Ad  firm  sold  on  Akamai  as  net  accelerator 

More  companies  turning  to  CDNs  for  internal  networks  as  well  as  Web  sites. 


Takes 


■  British  Telecom  and  AT&T  have 

fully  unwound  their  Concert  Com¬ 
munications  joint  venture  and  com¬ 
pleted  the  return  of  assets  to  the  par¬ 
ent  companies,  BT  announced  last 
week.  BT  also  has  completed  the  ter¬ 
mination  of  its  Canadian  joint  venture 
with  AT &T  through  AT&T  Canada. 
AT&T  and  BT  announced  last 
October  that  they  were  disbanding 
the  international  joint  venture,  which 
was  launched  in  1998  because  of 
mounting  financial  losses. 

Former  Concert  customers  have 
been  split  between  AT &T  and  BT, 
based  on  their  location,  and  the  two 
companies  have  signed  commercial 
agreements  to  ensure  that  customers 
receive  uninterrupted  service. 

■  Cable  &  Wireless  quietly  pulled  the 
plug  on  its  application  hosting  services 
earlier  this  year  because  of  a  lack  of 
customer  interest.  The  carrier's  a- 
Services  initiative  was  launched  in 
September  2000.  C&W  was  charging 
$170  per  month  per  user  to  host  Mi¬ 
crosoft  Office  applications  on  Compaq 
servers  within  its  Reston,  Va.,  data 
center. 


■  BY  JENNIFER  MEARS 

NEW  YORK  —  Saatchi  &  Saatchi  is  using 
Akamai  Technologies’  content  delivery 
network  to  take  its  advertising  business  up 
a  notch,  but  not  in  the  way  network  exec¬ 
utives  might  suspect. 

There  is  no  Web  site  being  accelerated. 
The  advertising  firm  is  using  Akamai  as  an 
extension  of  its  internal  network,  making  it 
easier  to  share  ideas  and  collaborate  on 
projects  even  when  team  members  are 
oceans  apart. The  approach  is  a  departure 
from  the  way  companies  have  typically 
used  Akamai’s  thousands  of  edge  servers 
that  sit  atop  hundreds  of  networks  around 
the  world. 

“We  are  all  about  ideas  . . .  and  we  have 
two  needs:  to  share  those  ideas  internally 
between  account  teams  and  to  share 
them  externally  with  our  clients,”  says 
Laura  Limbach,  CIO  at  Saatchi  &  Saatchi. 
“And  we  needed  to  do  that  in  a  very 
secure,  fast  wa/ 

Various  content  included 

The  advertising  firm  is  using  Akamai  to 
speed  the  delivery  of  streaming  video,  PDF 
files,  Microsoft  Word  documents.  Excel 
spreadsheets  and  other  forms  of  content 
that  are  the  building  blocks  of  advertising 
campaigns  for  customers  such  as  Toyota, 
Johnson  &  Johnson  and  General  Mills. 


In  the  past,  Akamai  customers  primarily 
accelerated  Web  site  delivery  but  now 
businesses  are  increasingly  turning  to 
Akamai  to  move  “business  critical”  infor¬ 
mation,  an  Akamai  spokeswoman  says. 

Saatchi  &  Saatchi,  of  New  York,  employs 
about  7,000  workers  in  138  offices  in  82 


Taking  the  edge  off 

Advertising  firm  Saatchi  & 
Saatchi  is  reaping  rewards  from 
using  Akamai’s  network  for  its 
internal  needs.  Here’s  how: 


•  Saving  on  infrastructure;  no  need 
to  build  out  more  bandwidth  or 
add  hardware. 

•  Saving  on  IT  resources;  no  need 
for  internal  staff  to  monitor 
delivery  network  24-7. 

•  Reduced  demand  on  corporate 
servers;  changes  to  content  are 
done  dynamically  at  the  network’s 
edge. 

•  :  Employees  and  clients  around  the 

globe  have  faster  access  to 
everything  from  streaming  video 
to  Word  documents. 


countries.  Geographic  disparity  created  a 
challenge  to  collaborative  efforts,  Lim¬ 
bach  says, so  the  company  set  up  an  inter¬ 
nal  content-management  system  called 
Brain  to  put  all  of  its  creative  resources  in 
one  secure  place. Then  came  the  need  to 
quickly  deliver  the  vast  amounts  of  digital 
information  to  employees  and  clients. 

The  company  considered  building  its 
own  infrastructure  to  support  the  growing 
amount  of  digital  information  it  wanted 
to  move,  but  quickly  nixed  the  idea 
because  of  staffing  constraints  and  cost, 
Limbach  says. 

Convinced  about  security 

While  some  corporations  might  be  re¬ 
luctant  to  throw  their  intellectual  property 
onto  CDNs,  which  run  over  public  net¬ 
works,  Limbach  says  security  wasn’t  an 
issue.  “We  believe  Akamai’s  highly  secure 
network  meets  the  highest  level  of  physi¬ 
cal,  network, software  and  procedural  secu¬ 
rity’ she  says. 

Limbach  wouldn’t  go  into  detail  about 
specific  security  measures  in  place,  but 
says  Saatchi  &  Saatchi  has  internal  secur¬ 
ity  protocols,  including  firewalls  and 
application  security,  that  help  ensure  the 
integrity  of  information  as  it  moves  from 
the  company’s  internal  systems  to  the 
Akamai  network. 


See  Akamai,  page  34 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


There  has  been  a  lot  of  discussion 
about  whether  Multi-protocol  Label 
Switching  is  good  or  bad  for  the 
Internet.  It’s  been  called  a  social  disease, 
something  that  should  never  be  allowed 
on  the  ’Net,  a  disaster  waiting  to  happen. 

Strangely,  none  of  this  seems  to  have 
slowed  its  adoption  —  a  majority  of  the 
service  providers  I’ve  surveyed  are  either 
deploying  MPLS  or  considering  it. 

So  is  MPLS  bad  for  the  ’Net? 

To  understand  the  answer,  you  have  to 
understand  something  about  the  major 
objections.  There  are  two: 

First  is  that  MPLS  fundamentally  breaks 


www.nwfusion.com 


Despite  criticism,  MPLS  is  here  to  stay 


the  Internet  paradigm  in  two  major  ways. 
By  supporting  tunneling,  it  breaks  the  trans¬ 
parency  paradigm.  By  supporting  sessions, 
it  breaks  the  datagram  model.  Both  of  these 
are  fundamental  architectural  principles  of 
the  Internet. 

The  second  major  objection  is  that  MPLS 
—  like  other  connection-oriented  tech¬ 
nologies  —  doesn’t  scale  infinitely.  The 
Internet  already  has  known  scalability 
issues,  which  MPLS  doesn’t  solve. 

So  if  one  takes  a  purist,  Internet-centric 
approach,  the  naysayers  are  right:  MPLS 
breaks  some  critical  Internet  architectural 
principles,  while  simultaneously  failing  to 
deliver  any  substantive  incremental  value, 
such  as  improving  scalability 

But  purists  are  missing  some  significant 
points.  Specifically  MPLS  was  not  designed 
to  enhance  the  ’Net  per  se.  Instead,  it  pro¬ 
vides  value  to  providers  of  IP  and  Internet 
services,  including  the  following: 

•  By  building  in  support  for  quality  of 


service  and  session-oriented  services, 
MPLS  lets  providers  of  IP  and  Internet  ser¬ 
vices  better  position  those  services  for  end 
customers,  particularly  large  businesses. 

•  Additionally,  it  lets  service  providers 
lower  operating  costs  by  providing  an 
infrastructure  that  can  consolidate  1R 
frame,  ATM  and  other  Layer  2  services. 

•  Finally  MPLS  IP  VPNs  set  the  stage  for 
intercompany  IP  extranet  communications. 

On  the  issue  of  scalability,  MPLS  helps  in 
a  way  that  Internet  purists  might  have  over¬ 
looked.  Most  Internet  purists  might  think  of 
scalability  as  the  ability  to  interconnect 
multiple  networks  effectively  —  and 
they’re  right,  MPLS  doesn’t  help  here. 

But  the  Internet  has  changed  consider¬ 
ably  over  the  past  two  years.  Instead  of  hun¬ 
dreds  to  thousands  of  independent  ISPs, 
the  majority  of  ’Net  traffic  is  now  handled 
by  a  handful  of  large  networks  operated  by 
general-purpose  service  providers  (AT&T, 
WorldCom,  British  Telecom  and  others). 


Providing  a  consolidated  infrastructure 
for  these  large  providers  (at  least  in  theory) 
can  reduce  their  network  operational  and 
management  costs  —  which  represent  the 
largest  single  component.  Anything  that 
reduces  these  costs  helps  scalability 
The  bottom  line  is  that  MPLS  might  not 
help  the  ’Net,  but  it  helps  ’Net  providers. 
And  that’s  why  it’s  here  to  stay. 

Johnson  is  senior  vice  president  and  CTO 
for  Greenwich  Technology  Partners,  a  net¬ 
work  consulting  and  engineering  firm.  She 
can  be  reached  at  johna@greenwich 
tech.com. 


■  Soon,  enterprise  customers  and 
service  providers  will  be  able  to 
transport  Layer  2  traffic  across  an 
MPLS  backbone.  PAGE  45 
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continued  from  page  33 

Saatchi  &  Saatchi  started  down 
the  CDN  path  in  the  late  1990s 
when  it  decided  that  its  tradition¬ 
al  method  of  using  couriers  to 
ship  videos  between  offices  and 
clients  was  starting  to  be  a  drag 
on  business. 

“It  was  an  expense  in  terms  of 
making  copies.  And  it  was  a  time 
factor  in  terms  of  going  through 
couriers  and  customs,  then  deliv¬ 
ering  the  tape  and  having  to  go  to 
a  video  room, pop  it  in  aVCR  and 
take  a  look  at  it,”  Limbach  says. 
“The  difference  between  that 
[method]  and  for  everybody 
around  the  globe  to  be  able  to 
look  at  a  video  at  their  desktop 
within  minutes  after  it’s  created  is 
quite  amazing.  It’s  a  true  change 
of  business  practices.” 

Saatchi  &  Saatchi  began  using 
streaming  media  firm  Intervu  in 
1998  and  moved  to  the  Akamai 
service  when  Akamai  acquired 
Intervu  in  the  spring  of  2000. 
About  five  months  ago,  Saatchi  & 
Saatchi  began  using  Akamai  to 
deliver  all  of  its  content,  not  just 
streaming  media,  when  it 
switched  to  the  CDN’s  EdgeSuite 
service,  which  delivers  not  only 
static  content  and  streaming 
media,  but  also  dynamic  content 
from  the  network’s  edge. 

Delivery  times  slashed 

Projects  within  Saatchi  &  Saat¬ 
chi  often  undergo  numerous  revi¬ 
sions  With  EdgeSuite, changes  are 
inserted  into  existing  pages  with¬ 
in  Akamai's  edge  servers  and 
there  is  no  need  to  return  to  ori¬ 
gin  servers  every  time  a  tweak  is 
made,  shortening  delivery  time 


dramatically  Limbach  says. 

“A  video  that  would  average  a 
40second  delivery  is  now  being 
delivered  in  6  seconds  [with 
EdgeSuite]  ,” she  says. 

Limbach  says  moving  to  the 
EdgeSuite  service  involved 
changing  host  and  server  names 
and  redirecting  requests  to  the 
EdgeSuite  service.  “The  actual 
changes  that  we  needed  to  make 
were  minor  and  painless,”  she 
says.“Very  painless,  actually’ 

The  only  drawback  is  the  cost 
of  EdgeSuite,  Limbach  says.  It’s 
more  expensive  than  the  stream¬ 
ing  media  service  Saatchi  & 
Saatchi  was  using. The  EdgeSuite 
service  starts  at  about  $15,000 
per  month.  However, she  says  that 
justifying  the  additional  expense 
wasn’t  difficult. 

“If  we  have  hundreds  of  users 
who  are  now  able  to  access  the 
content  they  need  faster  than 
they  did  the  day  before  yesterday, 
it  would  be  difficult  to  put  a  price 
on  that,”  Limbach  says.  “It  means 
you’re  generating  ideas  and 
going  to  market  faster  than  you 
were  the  day  before  yesterday. 
And  that’s  all  in  support  of  our 
clients.'  ■ 


More  online! 

Read  about  the  state  of  content  delivery 
networks  and  their  future. 

Doc  Finder  8836 
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continued  from  page  33 

What  does  the  typical  Infonet  customer  look  like? 

Manufacturing  makes  up  about  20%  of  our 
customer  base. The  next-biggest  sector  is  the 
pharmaceutical  industry  and  then  high-tech 
companies.  Our  customer  is  not  categorized 
so  much  by  industry,  but  by  having  a  large 
number  of  locations  —  more  than  40  — 
spread  across  20  countries. 

Where  does  Infonet  have  its  own  network  assets, 
and  where  is  it  leasing  capacity  from  other 
providers? 

The  value  of  a  company  is  not  so  much  in 
the  infrastructure  assets,  but  in  the  systems 
used  to  run  that  infrastructure.  If  you  break  the 
network  into  three  layers  there  is  the  broad¬ 
band  regional  network,  the  pan-European  net¬ 
work  and  the  pan-Asia  network.  We  own  most 
of  the  latter  two  networks.  Most  of  our  local 
networks  are  leased.  But  we’re  buying  metro¬ 
politan  fiber  rings  in  larger  markets  such  as 
New  York,  London  and  Paris. 

Infonet  has  deployed  Multi  protocol  Label  Switching 
(MPLS)  to  support  its  IP  VPN  service.  Is  Infonet 
using  MPLS  to  offer  other  services  or  to  better  sup¬ 
port  traffic  engineering? 

We  run  a  modern  network  with  an  ATM 
backbone.  On  a  separate  plane,  we  run  MPLS 
primarily  to  support  enterprise  customer  ser¬ 
vices.  With  MPLS  in  the  network  we  hope  to 
offer  more  and  more  IP  converged  voice, 
video  and  data  services.  We’ve  been  offering 
voice  over  ATM  and  over  frame  for  the  last 
five  years.  We’re  offering  voice  over  IP  now  as 
well.  We  plan  to  offer  video  over  IP  soon. 

Our  issue  is  we  need  to  offer  industrial- 
strength  services,  which  is  why  voice  over  frame 
is  more  robust  for  us  today. This  is  basically  be¬ 
cause  voice  over  IP  is  barely  coming  out  of  pro- 


*We're  trying  to  introduce  this 
[VoIP]  technology  to  customers 
who  are  expecting  highly  reli¬ 
able  services,  and  we  cannot 
afford  to  sell  or  install  based 
on  hype.9 

duction  shops  of  hardware  vendors  like  Cisco, 
which  means  there  are  still  bugs. 

The  new-age  carriers  that  deploy  new  net¬ 
works  don’t  have  any  choice  but  to  deploy  what 
they  get  from  the  hardware  vendors.  But  then 
they  get  into  trouble  when  their  networks  don’t 
perform  because  the  stuff  inside  isn’t  stable. 
We’re  trying  to  introduce  this  technology  to  cus¬ 
tomers  who  are  expecting  highly  reliable  ser¬ 
vices,  and  we  cannot  afford  to  sell  or  install 
based  on  hype. 

What’s  the  future  for  Infonet?  How  will  the  com¬ 
pany  expand  its  network  and  services? 

From  a  network  point  of  view  our  focus  is  to 
increase  our  national  presence  in  key  countries 
around  the  world.  We  plan  to  continue  to  grow 
in  the  top  25  markets  around  the  world.  On  the 
service  front  we  expect  to  see  fully  converged 
voice,  video  and  data  services  that  will  also 
include  wireless  in  three  to  four  years. 

Currently  Infonet  is  not  offering  mobile  wireless 
services,  correct? 

Yes.  But  we  see  a  better  integration  between 
wireless  and  global  IP  networks  in  the  future. 
Right  now  next-generation  wireless,  2. 5G  or 
3G,  is  just  being  rolled  out  by  wireless  opera¬ 
tors.  Once  these  services  are  widely  available 
it  will  be  possible  to  integrate  GSM  capabili¬ 
ties  into  IP  networks  so  you  can  have  better 
integration  between  wireless  devices  and 
global  IP  networks.  ■ 
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■  SERVICE  PROVIDER  DEVELOPMENTS 
AT  THE  JUNCTURE  BETWEEN  THE  ENTERPRISE 
AND  THE  NEW  PUBLIC  NETWORK 
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NetworkWorld  El 

■  ONI  Systems  last  week  announced 
that  metropolitan  optical  systems 
rival  Nortel  has  agreed  to  dismiss 
four  claims  related  to  purported 
patent  infringement  by  ONI,  but  is 
still  pursuing  litigation  on  a  fifth 
claim.  Nortel’s  original  suit  was  filed 
on  March  10,  2000,  just  prior  to  ONI's 
filing  for  its  IPO.  The  four  patents  dis¬ 
missed  in  the  suit  pertain  to  SONET 
technology  that  Nortel  alleged  ONI 
had  infringed  on  in  its  dense  wave¬ 
length  division  multiplexing  systems, 
an  ONI  spokesman  says. The  fifth 
patent  pertains  to  a  technique  for 
passive  passthrough  of  optical  sig¬ 
nals  in  a  DWDM  system,  the 
spokesman  says. Since  the  suit  was 
filed,  ONI  says  it  has  vigorously  coun¬ 
tered  all  of  Nortel's  claims  and  will 
continue  to  do  so  with  the  remaining 
Nortel  patent  at  issue. 

Nortel  says  it  dropped  litigation  on 
the  four  patents  to  bring  the  case  to 
an  “efficient  conclusion."  The  com¬ 
pany  says  the  remaining  patent  in 
question  continues  to  reflect  the  core 
of  its  claim. 

■  Tahoe  Networks  last  week  an 
nounced  a  marketing  and  technology 
partnership  with  mediation,  service- 
activation  and  billing  software  ven¬ 
dors  Xacct  Technologies  and 
Kabira  Technologies 

Tahoe  plans  to  integrate  both  com¬ 
panies’  software  interfaces  into  its 
mobile  subscriber  aggregation  sys¬ 
tems.  These  systems  provide  mobile 
access  into  IP  data  networks,  and 
support  GSM  communications,  Code 
Division  Multiple  Access  and  public 
wireless  LAN  technologies.The  com¬ 
bined  offerings  are  intended  to  let 
mobile  operators  combine  pre-  and 
postpaid  service  records,  rather  than 
managing  them  separately.  They  also 
are  designed  to  enable  accelerated 
introduction  of  new,  personalized 
mobile  IP  data  services. 
www.tahoenetworks.com; 
www.xacct.com; www.kabira.com 


Wavelength  markets  waver 

Cost  and  limited  functionality  preventing  widespread  deployment  in  the  MAN. 


■  BY  TERRI  GIMPELSON 

Even  though  demand  for  metropolitan 
wavelength  service  is  snowballing,  the 
same  cannot  be  said  for  wavelength  provi¬ 
sioning  equipment. 

Metropolitan  wavelength  service  revenue 
will  reach  $133  million  this  year,  almost  a 
threefold  increase  from  the  $49  million 
market  for  2001,  according  to  The  Yankee 
Group. Wavelength  services  will  be  almost  a 
$4  billion  market  by  2005, the  research  firm 
forecasts. 

In  contrast,  metropolitan  dense  wave¬ 
length  division  multiplexing  (DWDM)  gear 
used  to  provision  these  services  to  corpo¬ 
rations  will  grow  only  2%  this  year  from  the 
$702  million  market  in  2001,  according  to 
Dell’Oro  Group.  Capital-expenditure  re¬ 
ductions  and  small  buildouts  among  in¬ 


The  cost  of  rising  the  wavelength 

Prices  for  optical  bandwidth  in  metropolitan 
area  network  (MAN)  and  long-haul: 


MAN 

Long-haul 

2.5G  bits 

10G  bits 

2.5G  bits 

10G  bits 

High 

$24,576 

$58,368 

$67,000 

$75,000 

Low 

$10,000 

$20,000 

$25,000 

$68,000 

SOURCE:  THE  YANKEE  GROUP 


cumbent  local  exchange  carriers  and 
postal,  telegraph  and  telephone  adminis¬ 
trations  are  crimping  growth,  Dell’Oro  ana¬ 
lysts  say 

Metropolitan  DWDM  vendors  say  current 
economic  conditions  make  it  too  costly  for 
service  providers  to  build  out  wavelength 
service  networks.  Yet  demand  ultimately 
may  fire  up  the  equipment  market. 

According  to  The  Yankee  Group,  wave¬ 
length  services  —  in  their  most  basic  form 
as  an  unprotected  transport  service  —  are 
about  30%  to  60%  less  expensive  than  com¬ 
parable  lit  bandwidth  services.  Companies 
are  looking  to  these  services  to  increase 
their  current  bandwidth,  particularly  for 
storage  applications,  videoconferencing 
and  large  file  transfers,  and  to  connect 
branch  offices,  the  firm  says. 

Meanwhile,  service  providers  are  looking 
to  wavelengths  for  trunking  services  be¬ 
tween  metropolitan  facilities.  Wavelength 
services  offer  providers  a  means  of  quickly 
increasing  their  current  2.5G  bit/sec  OC-48 


capacity  to  10G  bit/sec  OC-192. 

Wavelength  services  also  offer  a  means 
for  providers  to  differentiate  themselves 
based  on  provisioning  times  and  service 
quality,  analysts  say  It  can  take  between  12 
to  18  months  to  acquire  and  light  intercity 
fiber, The  Yankee  Group  says. 

Intercity  wavelength  service,  on  the  other 
hand,  can  be  provisioned  in  as  few  as  30 
days,  the  firm  claims.  Service  providers  also 
can  bundle  services  on  the  protocol-inde¬ 
pendent  wavelengths,  including  applica¬ 
tions,  content  and  storage  hosting. 


Services  should  be  in  long-haul  market 

However,  some  vendors  say  wavelength 
services  make  more  sense  in  the  long-haul 
market  as  a  wholesale  service,  especially 
for  those  carriers  with  an  installed  DWDM 
system.  Furthermore,  equipment  innova¬ 
tion  specific  to  the  met¬ 
ropolitan  area  has  been 
nearly  nonexistent,  they 
say 

That’s  where  Coarse 
WDM  (CWDM)  may 
come  in.  CWDM  is  less 
expensive  to  deploy 
than  DWDM  because  it 
spaces  wavelengths  far¬ 
ther  apart  on  a  fiber, 
which  eliminates  the 
requirement  for  expen¬ 
sive  laser  cooling 


equipment. 

“CWDM  makes  sense  in  the  metro, and  it’s 
less  mone>( says  Marian  Stasneysenior  ana¬ 
lyst  for  The  Yankee  GroupTIt’s  a  niche  solu¬ 
tion,  and  it’s  smart.” 

Metropolitan  DWDM  market  leader 
Nortel  recently  unveiled  a  CWDM  prod¬ 
uct  in  an  attempt  to  make  wavelengths 
less  costly  to  provision  and  avail¬ 
able  to  more  companies.  The 
OPTera  Metro  5100,  a  six-slot 
CWDM  version  of  the  20-slot 
OPTera  5200  metropolitan 
core  DWDM  system,  is  being 
prepped  to  bring  wave¬ 
length  services  to  the  fore¬ 
front. 

But  CWDM  is  not  a 
panacea  to  spurring  sales  of 
wavelength  provisioning 
equipment.  While  nearly  all 
equipment  available  today 
lets  carriers  add  wave¬ 
lengths  on  demand, only  few 


More  online! 

Nortel's  products  are  ready  to 
make  wavelength 
services  ‘ready  for  prime  time.’ 

DocFinder  8831 


Wavelength  services 
will  be  almost  a  $4  bil¬ 
lion  market  by  2005, 
The  Yankee  Group 
forecasts. 


let  them  add  and  drop  a  single  wave¬ 
length  at  a  time. 

Those  devices  that  support  optical 
add/drop  multiplexing  only  support  the 
addition  or  subtraction  of  three  to  eight 
wavelengths  at  a  time,  which  is  inefficient, 
says  Michael  Howard, principal  analyst  and 
co-founder  of  Infonetics  Research. 

“The  way  a  wavelength  is  provisioned 
today  is  nothing  dynamic,”  he  says.  “They 
assign  a  wavelength  and  provision  it  all  the 
way  through, end  to  end,  the  same  way  they 
would  a  private  line.” 

Adding  add/drop  capabilities  to  wave¬ 
length  provisioning  gear  will  let  service 
providers  —  and  perhaps  equipment  ven¬ 
dors  —  gain  additional  revenue  by  quickly, 
efficiently  and  remotely  provisioning  wave¬ 
lengths  along  a  route,  Howard  says. 

But  metropolitan  equipment  vendors  are 
still  a  bit  muddled  on  product  positioning, 
according  to  The  Yankee  Groups  Stasney 
This  uncertainty  will  only  serve  to  confuse 
carriers  interested  in  offering  these  ser¬ 
vices,  she  says. 

“It’s  a  lose-lose  situation  for  both  sides,” 
Stasney  says. 

As  a  result  —  and  with  market  conditions 
forcing  a  consolidation  among  equipment 

vendors  and  service  providers  —  compa¬ 
nies  will  not  see  the  emergence  of 
inexpensive  wavelength  ser¬ 
vices  for  some  time. 

“It’s  still  a  little  early  to  pre¬ 
dict  who  the  survivors  will 
be  in  this  particular  market,” 
Stasney  says. 

As  for  equipment,  “Sales 
will  increase  a  little  next 
year,”  Howard  says.  “  There 
are  stiil  a  number  of  issues 
surrounding  wavelength 
services  that  need  to  be 
resolved,  including  equip¬ 
ment  design  and  stan¬ 
dards.”  ■ 


The  Clouds  Are  Lifting.  Get  Ready  for  the  Road  Ahead. 
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VORTEX  2002 


New  ideas,  New  Opportunities,  New  Partnerships  for  a  New  Networked  World 


At  VORTEX  2002,  the  most  influential  minds  in  the  telecom, 
Internet,  entertainment,  and  networking  industries  will  join  together 
to  construct  the  road  ahead;  one  that  will  drive  this  industry  forward 
toward  innovation  and  new  business  opportunities. 

Join  fellow  senior  executives  at  this  invitation-only  event  that  brings 
together  the  leadership,  thought,  funding,  and  regulatory  expertise 
to  shape  the  future  of  networking  and  the  technologies  that  drive  it. 


PLATINUM  SPONSORS 


GOLD  SPONSORS 


SEVIN 

ROSEN 

FUNDS 


VORTEX 

IDG  EXECUTIVE  FORUMS 


2002 


May  19-21,  2002 

The  Ritz-Carlton,  Laguna  Niguel 
Dana  Point,  CA 


TO  APPLY  FOR  AN  INVITATION: 

http://idgexecforums.com/vortex/V2A1DS 


SHAPING  YOUR  NETWORK 


Light  at  the  end  of  the  L2TPv3  tunnel 


HOW  IT  WORKS 


L2TPv3 

Layer  2  Tunneling  Protocol  Version  3  lets  frame  relay 
and  ATM  traffic  travel  across  an  IP  or  MPLS  backbone. 


■  BY  DAVE  GINSBURG 

Companies  and  carriers  have  been  look¬ 
ing  for  ways  to  maximize  the  efficiency 
and  cost  of  their  infrastructures  and  sim¬ 
plify  management  by  transporting  multi¬ 
ple  Layer  2  services  across  a  common  IP 
backbone.  Unlike  IP-based  VPNs,  Layer  2 
VPNs  are  multiprotocol,  allowing  the 
transport  of  IP  and  non-IP  traffic  across  a 
common  router  infrastructure.  With  Layer 
2  VPNs,  complexity  is  reduced  by  elimi¬ 
nating  the  need  for  edge  routers  to  sup¬ 
port  every  enterprise  VPN  routing  table 
and  Layer  3  routing  environment. 

Several  Layer  2  VPN  techniques,  such  as 
the  IETF  Martini  draft  and  Circuit  Cross 
Connect,  have  been  developed  to  let 
packet-switched  traffic,  such  as  frame 
relay,  ATM  and  Ethernet,  and  time-division 
multiplexed  traffic,  such  as  voice  and 
leased  line,  be  transported  across  a  Multi¬ 
protocol  Label  Switching  (MPLS)-enabled 
network. 

Another  technology  being  developed 
within  the  IETF  is  the  Layer  2  Tunneling 
Protocol  Version  3  (L2TPv3).  Currently  an 
IETF  draft  on  the  standards  track,  L2TPv3 
is  emerging  as  a  lightweight  yet  robust 
alternative  to  creating  Layer  2  VPNs  across 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you’ve 
got  one  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinberg@nww.com). 


MPLS  and  pure  IP  backbones. 

L2TPv3,  an  extension  of  the  L2TP  is  a 
stateless  protocol  with  no  inherent  signal¬ 
ing  or  keep-alive  mechanism.  L2TF)  origi¬ 
nally  defined  in  RFC  2661,  was  designed 
to  provide  dynamic  tunneling  for  multiple 
Layer  2  circuits  across  packet-oriented 
data  networks.  It  describes  a  standard 
method  of  tunneling  that  lets  circuitlike 
connections  across  one  or  many  Layer  3 
networks  appear  as  point-to-point  or 
point-to-multipoint  links  between  cus¬ 
tomer  locations.  The  base  L2TP  protocol 
consists  of  a  control  protocol  for  dynamic 
creation,  maintenance  and  tear-down  of 
L2TP  sessions;  and  data  encapsulation  to 
multiplex  and  demultiplex  Layer  2  datas- 
treams  between  IP-connected  nodes. 

L2TP  has  been  focused  on  narrowband 
dial-up  protocols.  L2TPv3  extends  L2TP  by 


letting  it  run  on  higher-speed  devices  such 
as  routers  because  of  reduced  overhead 
and  the  related  decrease  in  processing 
chores.  It  also  adds  important  new  fea¬ 
tures  such  as  increasing  the  session  and 
tunnel  ID  space  from  16  to  32  bits,  which 
dramatically  increases  the  number  of  tun¬ 
nels  from  65,000  to  more  than  4  billion. 

With  L2TPv3,  the  physical  interface 
connecting  to  a  customer’s  network 
becomes  the  tunnel  ingress/egress  inter¬ 
face.  Consequently,  traffic  does  not  need 
to  be  routed  into  the  tunnel  by  the 
provider’s  router.  As  packets  arrive  at  the 
interface,  they  are  encapsulated  and  for¬ 
warded  directly  toward  the  remote  tun¬ 
nel  endpoint.  Once  received  and  de- 
encapsulated,the  original  packet  can  be 
forwarded  out  of  the  egress  interface  if 
the  tunnel  identifier  is  recognized  by 


the  router.  If  it  isn’t,  the  packet  is  dis¬ 
carded. 

With  L2TPv3,  companies  reap  lower- 
cost  services  because  carriers  can  offer 
frame  relay,  ATM  and  Ethernet  over  a 
common  IP  backbone  —  radically  low¬ 
ering  capital  and  operational  costs.  And 
because  L2TPv3  adds  no  new  require¬ 
ments  to  the  IP  transport  infrastructure,  it 
is  inherently  easier  and  simpler  to  imple¬ 
ment  and  support,  because  network  staff 
is  familiar  with  IP 

Driving  the  technology  are  a  number  of 
new  applications,  such  as  the  ability  to 
offer  transparent  Ethernet  LAN  services 
across  the  wide  area,  scaling  frame  relay 
networks  to  higher  speeds,  and  infrastruc¬ 
ture  optimization  by  collapsing  multiple 
networks  onto  one  IP  backbone. 

Meanwhile,  corporations  have  a  single 
connection  that  provides  a  secure  Layer  2 
VPN  to  remote  sites  and  general  Internet 
access,  as  opposed  to  different  connec¬ 
tions  for  multiple  services,  such  as  a  con¬ 
nection  for  Internet  access  and  discrete 
private  lines  for  intranet  access  —  a  com¬ 
mon  enterprise  problem. 

But  there  is  always  a  downside.  While 
L2TPv3  makes  better  use  of  a  shared 
resource  (the  Internet  and  IP  backbones), 
resource  sharing  is  always  a  compromise 
and  lacks  true  predictability  and  guaran- 
tees.This  is  not  only  true  of  logical  circuits 
but  also  of  physical  assets  such  as  routers 
where  schemes  such  as  virtual  routing 
have  been  proposed. 

Ginsburg  is  vice  president  of  marketing 
and  product  management  at  Allegro 
Networks.  He  can  be  reached  at  gins@alle- 
gronetworks.  com. 


Dr.  Internet 


By  Steve  Blass 


Thanks  for  last  week's  advice  on  hotel  Internet 
systems.  However,  the  system  we  saw  doesn't 
force  you  to  use  Dynamic  Host  Configuration 
Protocol.  It  works  no  matter  what  TCP/IP  set¬ 
tings  you  have.  It  seems  to  have  something  that 
“talks”  to  the  media  access  control  address  on 
the  LAN  card,  and  doesn't  even  deal  with  TCP/IP 
settings.  We  just  don't  know  how  it  does  it  Do 
you  have  any  ideas? 


IP  packets  are  delivered  in  Ethernet  frames  on 
Ethernet  LANs.  The  IP-address-to-MAC-address 
translation  list  is  kept  in  an  Address  Resolution 
Protocol  (ARP)  cache  on  each  Ethernet  station. 
A  router  programmed  to  provide  DHCP  services 
plus  proxy-ARP  services  for  every  request  it 
hears  might  suffice  in  a  twisted,  but  deceptively 
cool,  sort  of  way.  IP  clients  communicate 
through  the  Ethernet  stack,  which  asks,  "What 
MAC  address  should  I  use?”  If  the  hotel  gateway 


responds  with  its  own  MAC  address,  then  the 
hotel  gateway  and  the  client  are  connected  and 
you're  all  set.  That’s  one  way.  The  "Proxy  ARP 
with  Subnetting”  how-to  at  www.linuxdoc.O'  g 
HOWTO/mini/Proxy-ARP-Subnet/  describes  an 
actual  implementation. 

Blass  is  a  network  architect  at  Charge® 
Work  in  Houston.  He  can  be  reached  at 
dr.internettaichangeatwork.com. 
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Technology  Update 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


Ah,  the  litany  of  technologies  continues 
unabated:  In  recent  Gearhead  col¬ 
umns  we  have  discussed  TCP/IP 
HTTR  FTR  telnet,  Simple  Mail  Transfer 
Protocol,  Rost  Office  Protocol, XML, Remote 
Procedure  Call,  XML-RPC,  Simple  Object 
Access  Protocol  and  namespaces,  all  as 
they  relate  to  Web  services.Such  is  the  rich, 
creamy  velvety  goodness  that  is  the 
essence  of  Gearhead.  Or  something. 

Lets  move  on  swiftly  to  the  next  technol¬ 
ogy  that  is  related  to  Web  services  simply 
by  association  (rather  reminds  us  of  the 
old  movie  line  “Round  up  the  usual  sus- 
pects!").The  technology  we  have  in  mind  is 
XML  Schema  Definition  (XSD). 

Easier  than  DTD 

As  we  noted  last  week,  the  most  common 
technology  used  to  define  the  structure  of 
an  XML  document  has  been  Document 
Type  Definitions  (DTD).  Among  the  defi¬ 
ciencies  of  DTDs  is  that  they  are  written  in 
their  own  language,  which,  while  not  as 


Scheming  schemas 


hard  to  learn  as  Urdu  or  Sanskrit,  is  never¬ 
theless  something  one  would  rather 
avoid. The  alternative  to  using  a  DTD  is  to 
use  an  XSD. 

XSDs  are  much  easier  to  understand  than 
DTDs  because  they  are  written  in  XML. 
Better  still,  XSDs  are  better  than  DTDs  at 
characterizing  how  the  content  of  an  XML 
file  is  structured. 

Now  to  really  explain  the  ins  and  outs 
of  XSD  would  require  this  column  to  be 
approximately  428.97  feet  long.  We’re  just 
going  to  hit  the  highlights. 

XSDs  are  structured  like  any  other  XML 
document  and  properly  include  a  name- 
space  declaration  following  the  XML 
declaration: 

<?xml  version=”  1 .0” encodings’ UTF-8”?> 
<xsd:schema  xmlns:xsd=http://www. 
w3c.org/2000/10/XMLSchema> 

[[XSD  stuff]] 

</xsd:schema> 

So  far, so  simple  —  it’s  that  bit  in  the  mid¬ 
dle  that  gets  complex. The  “XSD  stuff”  is  all 
about  defining  the  elements  that  we’re 
going  to  use  in  our  XML  document.  These 
definitions  are  created  by  declaring  the 
elements  and  which  data  types  they  use. 

There  are  two  data  types:  Primitive  (or 
base)  types  and  derived  types.  Derived 
types  are  defined  by  combining  two  or 
more  data  types  (either  primitive  or  de¬ 


rived  types)  to  create  compound  data 
types. 

Primitive  data 

There  are  nine  primitive  data  types,  in¬ 
cluding  Boolean  (true  I  false),  decimal, 
uriReference  and  string.These  types  can  be 
further  refined  by  attributes  that  restrict  the 
data  type’s  value  range  or  enumerate  the 
allowable  values  of  the  data  type. 

For  example,  we  can  set  upper  and  lower 
limits  on  the  number  of  characters  in  a 
string: 

<simpleType  name=“password”> 
restriction  base=“string”> 

<minLength>5</minLength> 

<maxLength>25</maxLength> 

</restriction> 

<simpleType> 

Here’s  another  definition,  but  this  time 
we’re  enumerating  the  allowable  values 
that  an  element  can  be  assigned: 

<simpleType  name=“accountType”> 
restriction  base=“string”> 

<enumeration>user</ 

enumeration> 

<enumeration>manager</ 

enumeration> 

<enumeration>administrator</ 

enumeration> 

<enumeration>operator</ 
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enumeration* 

</restriction> 

<simpleType> 

An  example  of  a  derived  data  type  is 
“integer,”  which  you  would  get  by  restrict¬ 
ing  the  base  type  “decimal”  to  zero  deci¬ 
mal  places.  If  you  want  to  use  a  long  inte¬ 
ger,  you  now  could  derive  this  from  “inte¬ 
ger”  by  setting  the  restriction  that  the 
value  must  be  no  less  than  -(2®^)-l  and 
no  greater  than  2^.  So  the  following  two 
XSD  definitions  define  the  “integer”  and 
“long”  data  types: 

<simpleType  name=“integer”> 
restriction  base=“decimal’’> 
<scale>0</scale> 

</restriction> 

</simpleType> 

<simpleType  name=“long”> 
restriction  base=“integer”> 

<  m  i  n  I  n  c  1  u  s  i  v  e  > 
-9223372036854775807</minInclusive> 

<maxlnclusive> 

9223372036854775808</maxInclusive> 

</restriction> 

</simpleType> 

Pretty  cool,  huh?  You  wait,  next  week  it 
will  get  interesting. ... 

Derive  your  comments  to  gearhead@ 
gibbs.com. 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


We’ve  been  piling  up  some  goodies  in  the  Cool  Tools 
test  lab;  here’s  an  overview  of  some  we’ve  recently 
had  some  fun  with: 


Sprint/Samsung  a400  phone 

One  of  the  latest  offerings  from  Samsung  that  works  on 
the  Sprint  wireless  network  is  the  a400,  a  clamshell- 
type  phone  that  is  still  small  enough  to 
inside  the  palm  of  your  hand. 

New  features  include  embedded  Global 
Positioning  System  technology  that  gives 
access  to  location-based  and  E-91 1  ser¬ 
vices  as  the  networks  make  them  available; 
personal  information  manager  functional¬ 
ity  that  lets  you  take  your  address  book 
and  calendar  with  you;  OpenWave’s  Mo¬ 
bile  Browser  4.1  for  Internet  access;  and  23 
ring  tones  and  a  silent  vibrate  mode.  The 
a400  costs  $200. 

The  phone  also  supports  the  SprintPCS 
Ringers  and  More  program,  which  lets  you 
download  personal  ringers  and  images. 

The  green-backlit  display  has  six  lines  of 
text  with  four-shade  grayscale  for  images. 

Other  features  include  voice  dialing,  a  bilin¬ 
gual  user  interface  and  four  built-in  games. 

Go  to  www.si  irintpcs.com  to  check  out  the 
phone  or  to  w\% wsamsungelectronics.com. 


The  latest  from  the  Cool 


Road  Tools'  CoolPads 

These  pads  fit  underneath  your  laptop  to 
allow  for  better  heat  dissipation,  but  also 
give  you  a  better  angle  for  ergo 
nomic  benefits  when  working  on  differ¬ 
ent  height  surfaces  (such  as  your  kitchen 
table). We  tested  two  versions,  the  $30  Pod¬ 
ium  version  and  the  $20  Traveler  version. 

The  Podium  version  has  some  cool  adjustable 
height  risers  with  rubber  tips,  which  you  can  stack  and 
unstack  like  Legos  to  give  you  the  correct  angle.The  solid 
base  can  also  rotate  if  you  want  to  show  others  your  screen, 
and  the  base  does  a  good  job  of  protecting  furniture. 

For  road  warriors,  Traveler  CooIPad  doesn’t  have  the 
(X  risers,  but  the  solid  base  sticks  well  to  airline  tray 
™  tables.  It’s  also  lighter  than  the  Podium  version  —  (9 
oz.  for  the  Traveler,  15  oz.  for  the  Podium)  —  which 
makes  it  an  easy  addition  to  your  laptop  bag. 

You  can  check  out  these  low-tech  yet  still  cool 
tools  at  www.roadtools.com. 


quickly. 

You  can  check  out  the  drives  at  www.pockeydrives.com 
or  order  directly  through  www.technoscout.com.The  20G- 
byte  version  we  tested  costs  $250. 


Pockey  portable  hard  drive 

From  our  friends  at  TechnoScout.com  comes  the 
Pockey  portable  hard  drive, which  can  hold  20G.30G 
or  40G  bytes  of  data  and  fits  in  the  palm  of  your 
hand.  The  power  is  drawn  off  the  Universal  Serial 
Bus  (USB)  cable,  so  carrying  the  cable  and  hard 
drive  is  all  you  need  to  bring  all  of  your  files  with 
you.  The  installation  was  a  little  rough  compared 
with  some  other  USB-related  hard  drive  devices  that 
were  literally  “plug  and 
Samsung  s  a400  phone  playf  but  after  we  config- 

_  K5ksS^Si™lMS  ured  lhe  P'°e« 

I  enough  to  tit  in  the  8°'  UP  and  mnnirlS  Piwty 

f  palm  of  your  hand. 


Vox  Proxy 

Adding  animation  to  PawerPaint  presentations  can  be  a 
double-edged  sword.  Bad  animation  usually  makes  bad 
presentations  even  worse.  Still,  if  you  fancy  yourself  a  cre¬ 
ative  type,  you  should  check  out  Vox  Proxy,  which  adds  talk¬ 
ing  animated  characters  to  PowerPoint.  With  the  software, 
you  can  have  animated  characters  speak  your  presentation, 
and  you  also  can  add  your  own  voice  and  have  the  anima¬ 
tion  follow  along. The  software  includes  many  wizards  and 
tutorials  to  get  you  started  and  make  you  dangerous.Still.be 
prepared  to  devote  some  time  to  the  software  to  make  your 
presentations  good  enough  that  people  won’t  think  of  the 
animations  as  just  window  dressing. 

You  can  check  out  the  software  at  www.voxproxy.com, 
where  you  can  get  a  free  30-day  trial.  The  software  costs 
between  $200  and  $250. 

Shaw  can  be  reached  at  kshaw@nww.com 
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issues  central  to  deployment  of  VoIP,  based  on  a  user  study  conducted  by  The  Tolly  Group  detailing 
mces  of  50  net  architects. 

resident/CEO  Kevin  Tolly  as  he  highlights  the  results  of  an  industry  study  probing  the  implementation 
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EDITORIAL 

John  Gallant 

A  Showdown  of 
broadband 
proportions 

Normally,  this  space  is  reserved  for  the  opinions  of 
Editor  in  Chief  John  Dix.  But  lately,  it's  been  more 
like  the  community  calendar. That’s  because  we’ve 
got  so  many  special  events  planned  for  you,  including 
the  security  session  at  NetWorld+Interop  Las  Vegas  that  I 
wrote  about  last  week.  (For  more  information,  go  to 
www.interop.com,  click  on  the  Las  Vegas  2002  show  and 
hit  keynotes.) 

In  addition,  John  Dix  this  week  is  hosting  his  Voice-over- 
IP  Showdown  at  the  Spring  Voice  on  the  Net  conference 
in  Seattle  (www.von.com/vonspr02/).  If  you’re  there,  be 
sure  to  attend.  If  not,  check  out  our  coverage  after  the 
event. 

But  we  have  even  more  in  store. 

At  Supercomm  this  June  in  Atlanta,  I’m  hosting  Network 
World's  Broadband  Showdown  —  and  I’m  challenging 
the  leading  providers  of  broadband  access  to  debate  one 
another  on  technology  and  strategy 
The  goal  of  the  Showdown  is  to  give  businesses  a 
chance  to  hear  from  providers  of  cable  modem  service, 
DSL,  fixed  wireless  and  satellite  access  —  all  the  major 
broadband  purveyors.  1  want  to  explore  not  only  the 
strengths  and  weaknesses  of  the  services  they  offer,  but 
also  find  out  more  about  deployment  plans,  management 
strategies  and  the  value-add  services  they  plan  to  offer 
over  these  access  pipes.  I  want  to  know  how  these  com¬ 
panies  serve  geographically  dispersed  businesses,  how 
their  pricing  stacks  up  and  what  kind  of  support  they 
provide  to  help  you  bring  offices  and  teleworkers  into 
the  corporate  network. 

The  Showdown  will  be  held  on  Wednesday,  June  5,  and 
Amy  Harris,  program  manager  for  broadband  markets 
and  technologies  at  IDC.will  join  me.  In  a  true  presiden¬ 
tial-debate-style  format,  Amy  and  I  will  hit  the  providers 
with  tough  questions.Then  we’ll  let  the  vendors  ask  each 
other  questions,  which  is  always  fun. 

For  cable,  I’m  challenging  AOLTime  Warner  —  the  cur¬ 
rent  market  leader  —  to  send  a  top  technical  executive. 
For  DSL,  I’m  looking  for  SBC  Communications  to  go  to 
bat.  For  satellite,  I  want  DIRECTV  Broadband. 

For  fixed  wireless  ...well, I'm  up  in  the  air, no  pun 
intended. This  is  a  fractured  market  where  companies 
that  once  looked  like  major  contenders  have  backed  off 
of  late.  I’m  not  sure  who  should  play,  and  I  want  to  hear 
from  you  and  from  the  providers  about  which  company 
should  join  us. 

So  AOLTime  Warner, SBC,  DIRECTV  . . .  are  you  up  for 
the  challenge?  Will  you  join  the  showdown?  And  who 
will  stand  up  for  fixed  wireless? 

—  John  Gallant 
Editorial  director 
jgallant@nww.  com 


Lloyd  epilogue 

Regarding  “Net  saboteur  faces  41  months”  (www. 
nwfusion.com,  DocFinder:  8824):  When  Timothy 
Lloyd  sank  Omega  Engineering,  he  brought  to  light 
the  need  for  greater  data  security  and  the  fact  that 
management  frequently  does  not  understand  the 
IT  function  or  the  technology  they  utilize.  Lack  of  a 
good  grasp  of  IT  know-how  allowed  one  person  to 
hijack  Omega’s  data  and  livelihood. 

Management  needs  to  make  the  time  to  under¬ 
stand  how  their  network  operates  and  ask  ques¬ 
tions.  IT  is  the  engine  of  most  companies  today;  what 
are  you  doing  to  ensure  your  engine  is  up  and  run¬ 
ning  and  in  safe  hands? 

What  Lloyd  did  was  wrong  and  selfish.  He  will  re¬ 
gret  his  actions  for  the  rest  of  his  days.  But  I  wonder 
what  his  side  of  the  story  is. 

I  also  wonder  if  the  stuffed  shirts  in  the  Omega 
boardroom  learned  anything  from  this  experience. 
Anyone  who  can  wipe  out  a  company  in  eight  key¬ 
strokes  should  be  treated  like  gold. 

Jason  Klein 
Shelton,  Conn. 

With  one  person  doing  all  the  server,  network  and 
back-up  administration,  even  an  off-site  back-up 
storage  arrangement  can  be  sabotaged.  Perhaps 
the  lesson  from  Omega’s  situation  is  that  checks 
and  balances  should  be  included  in  a  disaster- 
recovery  policy. 

Rob  Ellis 
Boulder,  Colo. 

Change  is  painful 

Regarding  Lisa  Pierce’s  column  “Mediaone.net  do¬ 
main  name  change:  A  warning”  (www.nwfusion 
.com,  DocFinder:  8825):  I  have  been  a  MediaOne 
subscriber  for  almost  six  years.  I  can’t  imagine  how 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772 
Please  include  phone  number  and  address  for  verification 


many  people  have  my  MediaOne  e-mail  address.  I 
average  150  e-mails  per  day  A  lot  are  from  mailing 
lists  to  which  I  subscribe.  After  six  years,  it  would  be 
one  big  pain  in  the  butt  to  change  my  email  address 
in  every  account  where  I  might  have  entered  it. 

But  as  bad  as  that  is,  the  biggest  pain  is  the  fact 
that  when  I'm  not  sitting  at  home,  which  is  most  of 
the  time,  I  can’t  receive  my  email  from  my  email 
client.  Using  the  Web  browser,  I  can  read  mail,  but 
when  I  try  to  send  replies  1  get  a  system  error  mes¬ 
sage.  1  don’t  care  about  them  not  providing  a  dial- 
in  number,  but  not  being  able  to  access  my  email 
from  my  e-mail  client  is  a  deal  breaker.  I  will  switch 
just  for  that  reason.  At  least  I’m  lucky  —  1  have  a 
choice  of  three  broadband  providers. 

Henry  Zannini 
Salem,  N.H. 

Too  smart? 

I  enjoyed  your  story  on  nanotechnology  (“Nano 
futures,”  www.nwfusion.com,  DocFinder:  8826)  and 
agree  that  this  is  pretty  cool  stuff. The  only  problem  I 
have  with  this  new  technology  is  that  when  nanoma¬ 
chines  are  given  the  ability  for  self  assembly, and  the 
ability  to  adapt,  it  would  be  far  too  easy  for  them  to 
disassemble  everything  on  the  planet,  including  us. 
R.  Stanley  Williams,  Hewlett-Packard  Labs  fellow  and 
director  of  Quantum  Science  Research,  says  nano¬ 
machines  won’t  take  over  the  world  and  kill  us  all; 
they  will  have  safety  mechanisms  built  into  them. 
But  if  they  have  the  capacity  to  evolve  their  code, 
then  they  will  have  the  ability  to  change  and  throw 
out  old  rules  by  default. 

This  is  a  worrisome  scientific  development,  and  I 
hope  that  these  scientists  realize  what  they  are 
building.  If  these  “smart”  molecules  develop  beyond 
our  control,  what  will  stop  them? 

Jonathan  Dunn 
Assistant  account  executive 
NYPR 
New  York 
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Joel  Snyder 


Everything  you  need  to  know  about  IDSes 


i 


’ve  spent  the  past  few  months  immersed 
in  intrusion-detection  systems  and  have 
learned  more  than  I  really  wanted  to 
know  about  them.  In  case  you’re  wondering 
if  you  need  an  IDS,  here  are  some  points  to 
keep  in  mind: 

•  An  IDS  is  only  as  good  as  its  configuration. 
In  order  to  tell  whether  something  is  amiss, an  IDS  needs  to  know  every¬ 
thing  about  your  network.  For  example,  if  you  have  Web  servers  running 
on  Fbrt  80  and  Fbrt  8008  on  your  network, you’d  better  tell  your  IDS,  or 
it’s  not  going  to  look  in  the  right  places.  IDSes  need  to  know  not  only 
where  the  server  is  running,  but  also  which  software  it’s  running  and 
even  which  version,  in  some  cases.  IDSes  behave  very  differently  if 
you’re  running  Microsoft’s  Internet  Information  Server  than  Netscape’s 
server.  Be  prepared  to  perform  a  thorough  audit  of  your  network  before 
you  turn  the  IDS  on. 

•  IDSes  are  dumb.  You  have  to  tell  them  everything  or  you’ll 
be  supersaturated  with  false  positive  alerts.  Even  if  you  do  tell 
them  everything,  you’ll  still  find  IDSes  are  always  one  step  or  two 
behind  the  latest  attack.  IDS  products  on  the  market  don’t  use  arti¬ 
ficial  intelligence  or  neural  networks;  they  look  for  patterns  that 
match  known  problems.  If  any  of  the  popular  attacks  is  changed 
by  a  single  octet,  the  IDS  may  be  unable  to  detect  it.  Make  sure 
your  IDS  vendor  has  a  plan  for  keeping  your  attack  signatures 
updated  constantly. 


•  You  need  to  know  a  lot  of  details.  When  evaluating  IDSes,  you 
need  to  know  the  different  ways  in  which  they  operate.  Stateful  match¬ 
ing,  context  matching,  protocol  anomaly,  pattern  searching  —  all 
these  terms  have  to  be  second  nature  when  you’re  selecting  a  prod¬ 
uct.  And  not  all  IDSes  perform  the  same  function  to  the  same  level  of 
detail.  If  you  haven’t  learned  the  ins  and  outs  of  TCP/IP  yet,  be  ready 
for  a  new  education. 

•  Be  prepared  to  spend  a  lot  of  time  —  and  money.  Whether  you 
purchase  a  fully  configured  IDS  or  roll  out  your  own  with  the  free¬ 
ware  Snort,  be  prepared  to  spend  time  and  money  getting  the  IDS 
configured  and  installed.  IDSes  also  take  a  lot  of  time  to  manage  and 
administer  on  a  daily  basis.  Every  IDS  vendor  seeks  to  reduce  false 
positive  reports,  but  you’re  going  to  go  through  a  lot  of  them  before 
you  get  your  IDS  tuned. 

•  The  PR  wars  are  in  full  swing.  Even  though  the  product  niche  is 
small  and  relatively  new,  products  are  already  suffering  from  feature- 
creep.  Even  features  that  look  useful  at  first, such  as  active  attack  eva¬ 
sion, seem  less  than  perfect  when  you  examine  them  closely  Be  sure 
to  evaluate  the  risks  and  rewards  of  some  of  these  newer  features. 

Don’t  get  me  wrong  —  IDS  products  have  a  definite  place  in  cor¬ 
porate  networks.  Just  don’t  expect  them  to  be  easy 

Snyder,  a  Network  World  Test  Alliance  partner,  is  a  senior  partner 
at  Opus  One  in  Tucson,  Ariz.  He  can  be  reached  at  Joel.Snyder@ 
opusl.com. 
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Howard  Anderson 


Needed:  Networks  with  built-in  security 


ne  recurring  question  I  am  asked  is, 
“OK,  I  understand  that  the  communi¬ 
cations  industry  and  its  traditional  sup¬ 
pliers  are  toast.  What’s  next?”  It’s  true  that  the 
overbuilding  of  the  competitive  local  ex¬ 
change  carriers  and  the  “creative  account¬ 
ing”  at  Global  Crossing,  and  perhaps  Qwest 
Communications  and  WorldCom,  have  cast  a  pall  on  parts  of  the 
industry.  But  it’s  not  true  that  the  entire  industry  is  in  the  sewer. 

Years  ago  1  was  at  Nortel  presenting  my  analysis  to  their  top-400  exec¬ 
utives  and  was  asked  about  the  falling  market  for  enterprise-level  cus¬ 
tomer  premises  equipment  (CPE),  an  area  that  Nortel  claimed  to  dom¬ 
inate.  “What  about  Cisco?”  I  replied.  “Aren’t  routers  communications 
equipment  that  is  owned  by  enterprises?”To  Nortel,  the  answer  (then) 
was“No.”They  had  defined  the  market  too  narrowly  —  just  PBXs  and 
call  centers. 

A  few  months  ago,  1  did  the  keynote  speech  at  Check  Fbint  Software’s 
users  meeting.  Check  Fbint  is  the  single  biggest  mistake  in  my  venture 
career.  I  had  the  opportunity  to  invest  in  it  in  1994,  when  sales  were  $2 
million.  Last  year  Check  Fbint  earned  $322  million  on  $528  million  in 
sales.  Most  high-tech  companies  may  make  5%  to  10%  profit;  here  is  a 
company  earning  60%. 

What  1  found  at  the  Check  Fbint  users  meeting  were  all  my  old  enter¬ 
prise  CPE  users  —  who  were  now  building  firewall  protection  for  their 
Fortune  500  companies, a  market  that  Check  Fbint  dominates.  Firewalls 
let  companies  protect  their  networks  from  outside  attacks  and  inside 
snooping  —  and  everyone  needs  one.  The  corporate  network  goes  far 
beyond  a  company’s  buildings  —  it  extends  to  everyone  who  works  at 
home.  Right  now  there  are  28  million  telecommuters  in  the  U.S. There 
are  15  million  people  who  subscribe  worldwide  to  high-speed  Internet 
service,  10  million  of  whom  are  in  the  U.S.  Check  Fbint  owns  about  25% 
of  the  firewall  market,  but  there  is  a  bigger  opportunity  out  there:  pub¬ 
lic  firewalled  networks. 

What  we  have  are  enterprise  solutions  —  Cisco  or  RSA  Security  or 
McAfee  will  sell  you  some  software  or  a  black  box.  But  what  the  mar¬ 


ket  really  needs  isn’t  a  lot  of  expensive  hardware  at  the  customer  site, 
but  rather  a  network  that  has  this  capability  built  in. 

In  a  previous  column,  I  wrote  about  802.11,orWi-Fi,and  its  ability  to 
provide  inexpensive  network  access.  The  downside  is  that  Wi-Fi  is 
porous  to  cyberattacks. The  industry  solution  is  to  sell  lots  of  $300  CPE 
boxes  to  workers  at  home  to  protect  their  network. 

We  have  seen  this  before:  lots  of  equipment  at  the  premises  that  does 
the  work  the  network  should  have  done.  But  what  companies  want  is 
that  same  kind  of  firewall  service  inside  the  network  —  or  a  specially 
designed  and  built  network  that  has  all  that  functionality  Actually  they 
want  both  —  to  buy  a  carrier  service  that  gives  them  that  protection,  or 
a  CPE  option. 

The  result  may  be  the  same  old  network  that  has  a  new  life,  or  a  com¬ 
pletely  new  network  that  has  a  different  price  and  feature  set.  Either 
way  those  who  define  networks  too  narrowly  will  continue  to  find  com¬ 
modity  pricing,  creative  accounting  and  negative  growth.  Same  clowns, 
different  circus. 

Many  companies  buy  a  few  hundred  firewall  boxes  for  their  key 
employees,  but  what  happens  when  10,000  employees  require  protec¬ 
tion?  Are  companies  going  to  spend  $3  million,  or  are  they  going  to  go 
to  their  carriers  and  demand  a  service  that  provides  that  protection? 

The  key  for  the  communications  industry  is  to  develop  a  suite  of 
services  that  are  definitely  not  commodities.  As  long  as  there  is 
excess  capacity,  some  fool  will  drop  the  price.  On  the  voice  side,  we 
have  seen  distinctive  services  such  as  caller  ID  and  800  services.  On 
the  data  side,  the  killer  app  is  going  to  be  industrial-strength,  ruggedi- 
zed, secure  services.This  market  is  the  province  of  the  box  vendors 
and  the  software  jocks.  But  tomorrow  it’s  going  to  be  a  network  ser¬ 
vice,  and  for  my  money,  it  can’t  come  too  soon. 

Anderson  is  senior  managing  director  of  YankeeTek  Ventures,  a 
Cambridge,  Mass.,  venture  capital  fund  for  early-stage  technology 
companies.  He  also  is  founder  of  The  Yankee  Group  and  the  William 
Porter  Distinguished  Lecturer  at  the  Massachusetts  institute  of 
Technology.  He  can  be  reached  at  handerson@yankeetek.com. 
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A  look  at  the 
latest 

developments 
in  IPSec  and 
MPLS-based 
VPNs. 


■IRWIN  LAZAR 

A  new  breed  of  VPN  based  on  Multi-protocol  Label  Switching  is 
emerging  as  an  alternative  to  traditional  VPNs  based  on  IP  Sec¬ 
urity.  To  further  complicate  the  issue,  MPLS-based  VPNs  come  in 
two  flavors:  Layer  2  and  Layer  3. 

So  what  are  the  differences  between  the  various  types  of  VPNs, 
and  what’s  the  best  choice  for  your  network? 

Service  providers  typically  offer  two  VPN  alternatives  to  traditional  WAN  offerings 
such  as  frame  relay  ATM  or  leased  line:  IPSec-encrypted  tunnel  VPNs  and  MPLS  VPNs. 

The  IPSec  option 

IPSec  tunnel-based  VPNs  are  sometimes  referred  to  as  client-premises  equipment- 
based  VPNs  because  the  service  provider  typically  places  equipment  at  the  client  site. 

This  device  handles  encryption  and  decryption  of  traffic  before  it  goes  out  over  the  ser¬ 
vice  providers’  network.Traffic  within  the  service  provider  network  is  routed  the  same  as 
any  other  IP  traffic,  and  the  service  provider  has  no  visibility  into  the  IP  tunnel.  Nor  does 
the  service  provider  network  need  to  be  configured  in  any  special  manner  to  support 
IPSec  VPNs. 


Prediction1  >n  the  *ong  term' ,p  VPNs  Will  replace  traditional  Layer  2 
ricUIUIUII.  services  such  as  frame  relay,  ATM  and  leased  lines. 


such  as  voice. 

However,  a  roll-your-own  approach  lets 
corporations  establish  a  VPN  to  any  site 
that  has  access  to  the  Internet. 

Because  IPSec  requires  each  end  of  the 
tunnel  to  have  a  unique  address,  special 
care  must  be  taken  when  implementing 
IPSec  VPNs  in  environments  using  private 
IP  addressing  based  on  network  address 
translation.  Fortunately  several  vendors 
offer  solutions  to  this  problem.  However, 
they  add  more  management  complexity 
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If  you  are  using  frame  relay  or 
ATM,  and  you  need  to  incorporate 
meshing,  you  generally  can  do  so 
at  a  lower  cost  with  MPLS-based 
VPNs,  assuming  you  can  get  connec¬ 
tivity  from  one  provider  to  all  your 
locations.  Otherwise,  MPLS  VPNs  may 
not  offer  any  advantage  to  your  cur¬ 
rent  service. 
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Because  traffic  in  an  IPSec-based  VPN  is  encrypted.it  is  generally  consid¬ 
ered  secure  to  use  IPSec  to  transport  sensitive  traffic  over  a  public  IP  network. 

Deployment  dilemma 

You  have  two  choices  when  deploying  IPSec  VPNs:  managed  vs.  roll-your-own.  With  a 
managed  VPN,  one  service  provider  deploys  and  manages  customer  client-premise 
equipment,  and  all  traffic  is  carried  over  that  provider’s  network.This  lets  the  provider 
offer  service-level  guarantees  for  assured  performance. 

In  a  roll-your-own  scenario,  the  company  deploys  its  own  VPN  devices  and  does  not 
necessarily  rely  on  a  single  service  provider.  Roll-your-own  approaches  are  recom¬ 
mended  for  connecting  branch  offices  that  only  have  one  Internet  connection. 

The  disadvantages  to  roll-your-own  are  that  the  company  is  responsible  for  managing 
VPN  configurations,  and  because  traffic  is  transversing  the  Internet,  there  are  no  perfor¬ 
mance  guarantees.  Moreover,  it  typically  is  difficult  to  support  latency-sensitive  traffic, 


For  small  remote  sites  with  high 
Layer  2  service  costs  (such  as 
international  locations),  or  sites 
with  strong  security  requirements, 
IPSec  VPNs  are  an  ideal  way  to  provide 
connectivity,  although  there  are  gener¬ 
ally  no  performance  guarantees  unless 
all  traffic  is  carried  by  a  single  provider. 
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The  MPLS  method 

MPLS-based  VPNs  come  in  two  classes: 

Layer  2  and  Layer  3.  Layer  2  VPNs  based 
on  the  Internet  Engineering  Task  Force’s 
(IETF)  Martini  draft  or  Kompella  draft 
simply  emulate  Layer  2  services  such  as 
frame  relay,  ATM  or  Ethernet. 

Typically  Layer  2  MPLS  VPNs  are  invisi¬ 
ble  to  the  end  user,  much  in  the  same 
way  the  underlying  ATM  infrastructure  is 
invisible  to  frame  relay  users. The  cus¬ 
tomer  is  still  buying  frame  relay  or  ATM, 
regardless  of  how  the  provider  provisions 
the  service. 

With  Layer  3  MPLS  VPNs  (also  known  as 
“IP-enabled”  or“Private-IP”  VPNs), service 

providers  assign  labels  to  IP  traffic  flows.These  labels  represent  unique  identifiers  and 
allow  for  the  creation  of  virtual  IP  circuits  or  Label  Switched  Paths  (LSP)  within  an  IP 
network. 

By  using  labels,  a  service  provider  can  create  closed  paths  that  are  isolated  from  other 
traffic  within  the  service  provider’s  network,  providing  the  same  level  of  security  as  other 
private  virtual  circuit  (PVC)-style  services  such  as  frame  relay  or  ATM. 

Because  MPLS  VPNs  require  the  service  provider  to  modify  its  network,  they  are  con¬ 
sidered  network-based  VPNs.  MPLS-based  VPNs  require  no  client  devices,  and  tunnels 
usually  terminate  at  the  service  provider  edge-router. 

Layer  3  VPNs  offer  significant  advantages  to  traditional  Layer  2  services.  Because 
they  rely  on  IP  routing  to  build  paths,  they  easily  can  be  used  to  create  fully  or  par¬ 
tially  meshed  networks  within  a  service  provider  cloud, 
with  only  one  entry  point  into  the  cloud  from  each  loca¬ 
tion. This  eliminates  the  problem  of  setting  up  and  man¬ 
aging  multiple  PVCs  that  plague  fully  or  partially  meshed 
networks  created  with  ATM  or  frame  relay. The  IETF  has 
defined  standards  that  let  MPLS  VPNs  support  Differen¬ 
tiated  Services,  which  let  providers  enable  prioritization 
of  voice  and/or  other  latency-sensitive  traffic. 

Providers  also  can  use  MPLS  to  perform  traffic  engineer 
ing,  which  can  provide  predictable  perfoirnance  charnel  r 
istics  for  individual  classes  of  traffic. 
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Lazar  is  a  senior  consultant  for  Burton  Croup,  where  he 
focuses  on  strategic  planning  and  network  architecture  for 
Fortune  500  companies  and  large  service  providers.  He  >  n 
be  reached  at  ilazar@burtongroup.com. 
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MPLS  Layer  2  VPNs  hold  promise 
for  global  LAN  extension. 


■BY  MARY  PETROSKY 


If  you  operate  a  private  ATM  campus  network  or  metro¬ 
politan-area  network,  a  Multi-protocol  Label  Switch  Layer  2 
VPN  could  be  a  cost-effective,  high-speed  alternative. 

If  you’re  buying  frame  relay  or  ATM  from  a  service  pro¬ 
vider,  in  the  next  year  to  18  months  you  may  see  lower- 
cost  Ethernet-based  offerings  built  on  MPLS  Layer  2  VPN 
technology 

And  service  providers  are  expected  to  leverage  the  trans¬ 
parent  connectivity  of  MPLS  Layer  2  VPNs  to  offer  features 
such  as  remote-server  management,  off-site  storage  and 
even  voice  over  IP 


vendors  for  ATM  and  frame  relay  encapsulations. 

Soon,  enterprise  customers  and  service  providers  will  be  able  to  transport  a 
range  of  Layer  2  traffic  types  across  an  MPLS  backbone,  opening  the  door  for  a 
variety  of  applications  and  services. 

The  enterprise  play 

Financial  services  firms,  universities  and  government  agencies  in  particular 
are  expressing  interest  in  MPLS  VPNs  as  a  way  of  upgrading  their  private  ATM- 
based  campus  and  MANs. 

These  organizations  are  looking  to  Ethernet  for  the  bandwidth  they  need  to 
scale  their  current  campus  and  MANs,  but  are  reluctant  to  give  up  the  band¬ 
width  management,  quality  of  service  (QoS)  and  reliability  aspects  of  ATM.  By 
deploying  Ethernet  over  an  MPLS  infrastructure,  they  can  get  many  of  the  char¬ 
acteristics  of  ATM  —  including  traffic  management,  fast  failover  and  QoS  —  on 
lower  cost,  higher  performance  equipment. 

MPLS  Layer  2  VPN  technology  is  appealing  because  it  lets  companies  extend 

« 

See  LANs,  page  48 


All  this  is  being  made  possible  because  the  Internet  Engineering  Task  Force 
(IETF),  through  its  Provider  Provisioned  VPN  (PPVPN)  and  Pseudo-Wire 
Emulation  Edge  to  Edge  (PWE3)  working  groups,  has  focused  on  defining 
standards  that  leverage  MPLS  for  creating  VPNs. 

In  particular,  a  set  of  documents  known  as  the  Martini  drafts  has  won  the 
support  of  nearly  a  dozen  vendors  and  piqued  serious  interest  among  several 
service  providers,  including  Level  3  Communications,  Cable  &  Wireless, 
IntelliSpace  and  Telseon. 

Although  no  standards  have  yet  been  defined  by  the  working  groups,  many 
vendors  have  already  implemented  the  Martini  drafts,  with  additional  imple¬ 
mentations  in  the  works.  Cisco,  Extreme  Networks  and 
Riverstone  Networks  announced  support  for  Ethernet- 
based  MPLS  Layer  2  VPNs  last  spring.  Last  fall  at 
NetWorld+lnterop,  Foundry  Networks  and  Laurel  Networks 
joined  in  and  participated  with  Cisco,  Extreme  and 
Riverstone  in  interoperability  testing  of  Ethernet 
across  an  MPLS  network  compliant  with  Martini 
encapsulation. 

Atrica,  Juniper  Networks,  Nortel  Networks,  TiMetra 
and  Tenor  Networks  are  among  the  other  vendors 
also  tracking  Martini  and  related  drafts.  All  plan  to 
roll  out  implementations  in  the  first  half  of  this 
sear.  While  initial  announcements  have  centered 
on  Ethernet,  there  also  is  broad  support  among 
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L3  managed  by  service  provider. 


Service  provider  has  visibility 
into  customer  routing,  though 
customer  can  use  either  glob¬ 
ally  unique  or  private  address¬ 
ing  (at  some  burden  to 
service  provider). 


Limited  to  IP. 


Independent  of  underly¬ 
ing  L2  technology. 


L2  managed  by  service  provider, 
L3  managed  by  customer. 


Customer  routing  remains  private; 
private  addressing  can  be  used. 


L3  agnostic;  can  accommodate 
non-IP  protocols. 


Dependent  on  underlying 
L2  technology. 


SUPERCOMM.  WHAT'S 


NetworkWorld 

Official  Information 
Technology  Publication 


SUPERCOMM 

Explore  the  Whole  World  of  Communications 


Register  for 

Atlanta  Georgia 
enterprise. 


COST-EFFECTIVE, 
EFFICIENT  WAY 

TO  EXPLORE 
YOUR  FUTURE." 


For  FREE!  SUPERCOMM  is  committed  to  helping  you  prepare  your  enterprise 

infrastructure  for  the  months  and  years  ahead.  That's  why  we've  assembled 

an  unprecedented  array  of  educational  sessions. ..all  at  no  cost  to  you: 

*  EntNet@SUPERCOMM,  a  complimentary  two-day  conference  covering  IP,  GigE, 
wireless  LAN  and  other  hot  private  network  issues. 

*  Meeting  Future  Challenges  of  Large  Enterprise  Networks  with  Steve  Heidt 
President,  Distributed  System  Services,  1-Solutions,  EDS;  Kenneth  Lacy,  Senior 
Vice  President  &  CIO,  United  Parcel  Service;  and  Anthony  E.  Scott,  CTO 
Information  Systems  &  Services,  General  Motors. 

*•  The  Great  Broadband  Showdown  will  debate  broadband  deployment  and 
its  effect  on  future  economic  growth. 

*•  The  Security  Luncheon  will  provide  an  interactive  setting  to  take  on  the 
technical,  financial  and  policy  issues  surrounding  managed  security 

*•  Industry  Update  Sessions,  covering  IP-based  VPNs,  SLAs,  Web-based 
wireless  LANs  and  other  topics  geared  to  "actionable  information 

Add  our  800  exhibitors  and  networking  opportunities,  and  you' 

SUPERCOMM  2002  is  a  must.  Register  now  at  enterp 


NetwnrkWorld  4/8/02 


LANs 

Continued  from  page  46 


LANs  beyond  a  building  without  having  to  set  filters  on  routers  or  configure 
LAN  emulation  over  ATM,  says  Sam  Halabi,  vice  president  of  architecture  at 
Extreme. 


On  the  service  side 

Telseon,  IntelliSpace  and  others  offer  Ethernet-based  MAN  services,  but  sev¬ 
eral  factors  have  limited  the  success  of  these  services,  including  a  lack  of  geo¬ 
graphic  reach.  Metropolitan  Ethernet  also  has  been  limited  to  service 
providers  with  optical  infrastructures,  says  Azhar  Sayeed,  IP  MPLS  Manager  in 
Ciscos  10S Technologies  Division.  MPLS  Layer  2  VPN  technologies  based  on 
the  Martini  approach  addresses  these  issues. 

Using  Martini  technology,  anyone  with  a  routed  infrastructure  can  offer 
Ethernet  services.The  same  goes  for  frame  relay  and  ATM.  Service  providers 
focused  on  IP  could  add  frame  relay  and  ATM  simply  by  modifying  the  edge 
of  their  networks,  where  the  Martini-style  encapsulation  takes  place,  and  turn¬ 
ing  on  MPLS  in  their  network  core,  if  they  haven’t  done  so  already. 

Level  3  and  the  UK’s  Storm  Telecommunications  are  solving  the  “reach” 
problem  by  offering  international 
Ethernet  LAN  extension  services  based 
on  Martini  technology.  In  January,  Level 
3  began  commercial  deployment  of 
Ethernet  over  MPLS  services  based  on 
the  Martini  drafts. The  company’s  large- 
enterprise  customers  can  use  the  ser- 


eliminating  the  need  for  such  restrictions. 

Telseon  and  IntelliSpace  see  opportunities  for  expanded  services  offer¬ 
ings  based  on  MPLS  Layer  2  VPNs.  With  a  fully  transparent  service  such  as 
the  Martini  approach  allows,  service  providers  can  offer  storage  services 
and  server  management  that  appear  as  an  extension  to  the  customer’s  net¬ 
work.  MPLS  Layer  2  VPNs  also  let  metropolitan  providers  ensure  the  strict 
QoS  guarantees  needed  to  support  applications  such  as  VolPespecially  in 
converged  infrastructures, says  Carlo  Lalomia,  IntelliSpace’s  co-founder 
and  CTO. 

For  enterprise  customers,  using  such  services  should  require  little  —  if  any 
—  change  at  their  premise.The  customer  premises  equipment  (CPE)  essen¬ 
tially  sees  the  provider’s  equipment  as  a  Layer-2  device,  such  as  an  Ethernet 
VLAN  switch  or  a  frame  relay  switch.  As  Ethernet-based  services  expand, 
more  corporations  will  find  they  simply  can  use  an  Ethernet  switch  to  inter¬ 
connect  to  their  service  providers.  In  some  cases,  a  service  provider  may  want 
the  MPLS  virtual  circuits  to  begin  at  the  CPE,  which  would  require  an  MPLS- 
capable  router  on  the  premises. 

Because  MPLS  Layer  2  VPNs  are  virtual  circuit-based,  they  are  as  secure  as 
other  virtual  circuit-  or  connection-oriented  technologies,  such  as  ATM.  And 
because  the  Layer  2  traffic  is  carried  transparently  across  the  MPLS  back- 


Layer  3  MPLS  VPN 


Network-based  VPNs  create  a  virtual  IP  circuit  within  an  IP  network.  The  tunnels 
terminate  at  the  service  provider  edge  router. 


vice  to  connect  802. IQ  virtual  LANs 
(VLAN)  across  a  wide  area,  initially 
encompassing  the  U.S.and  Europe. 
Likewise,  Level  3  service  provider  cus¬ 
tomers,  such  asYipes.can  use  it  to  offer 
expanded  Ethernet  coverage  to  their 
end  customers. 

Level  3’s  services  support  multiple 
VLANs  per  customer  Ethernet  port  con¬ 
nected,  letting  multiple  point-to-point 
virtual  circuits  be  established  over  the 
same  port.  Level  3  is  offering  service- 
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level  agreements  for  the  service  based  on  availability,  latency  and  packet 
delivery. 

Pricing,  in  the  form  of  monthly  recurring  charges,  is  based  on  a  combina¬ 
tion  of  port  and  VLAN  charges  and  aggregate  usage.  In  early  spring,  Level  3 
expects  to  expand  its  MPLS  Layer  2  VPN  support  to  encompass  ATM  and 
frame  relay. 

Last  fall,  Storm  announced  its  International  Ethernet  Service.  Based  on  the 
Martini  drafts,  the  service  was  initially  rolled  out  in  Europe,  with  a  connection 
to  New  York  due  to  go  online  early  this  year.  Storm  is  offering  customers  band¬ 
width  in  lM-bit/sec  increments  and  what  it  calls  premium  service  guarantees 
(including  99.99%  availability  and  round-trip  times  between  the  U.S.and 
Europe  of  less  than  80  msec). 

On  the  MAN  front.Telseon  sees  MPLS  Layer  2  VPN  technology  enabling  its 
customers  to  more  seamlessly  connect  their  LANs.  Currently, Telseon  restricts 
customer  use  of  Ethernet  media  access  control  addresses  and  VLAN  tags  to 
avoid  conflicts  with  its  internal  network  operations.  However,  by  using  the 
Martini  approach, Telseon  will  be  able  to  fully  encapsulate  customer  traffic, 


bone,  information  in  the  original  customer  traffic  —  such  as  class  of  service 
markings  and  VLAN  IDs  —  remains  unchanged.  Companies  that  need  to 
transport  non-IP  traffic  (such  as  legacy  IPX  or  other  protocols)  may  find  Layer 
2  VPNs  the  best  solution.  Layer  2  VPNs  also  may  appeal  to  corporations  that 
have  private  addressing  schemes  or  prefer  not  to  share  their  addressing  infor¬ 
mation  with  service  providers. 

At  this  time,  the  Martini  approach  supports  point-to-point  connections  only, 
although  work  on  multipoint  is  proceeding.  One  IETF  draft  (Lasserre)  already 
defines  multipoint  services  for  Ethernet  and  is  supported  by  Riverstone  and 
several  other  vendors.  Work  is  also  ongoing  to  automate  some  aspects  of* 
Layer  2  VPN  provisioning,  so  that  network  operators  only  have  to  provision 
one  rather  than  both  ends  of  the  connection.  Several  vendors  indicated  they 
are  working  to  make  Ethernet-based  MPLS  Layer  2  VPNs  as  easy  to  provision 
as  VLANs. 


How  it  works:  Layer  2  VPNs 


With  Multi  protocol  Label 

Switching  Layer  2  VPNs  based 
on  the  Martini  approach,  a  cus¬ 
tomer’s  Layer  2  traffic  is  encapsulated 
when  it  reaches  the  edge  of  the  service 
provider  network,  mapped  onto  a  label- 
switched  path,  and  carried  across  a 
network. 

This  Layer  2  VPN  technique  takes 
advantage  of  MPLS  label  stacking, 
wnereby  more  than  one  label  is  used  to 
forward  traffic  across  an  MPLS  infra¬ 
structure.  Specifically,  two  labels  are 


used  to  support  MPLS  Layer  2  VPNs: 
One  label  represents  a  point-to-point 
virtual  circuit,  while  a  second  label  rep¬ 
resents  the  tunnel  across  the  network. 

The  current  Martini  drafts  define 
encapsulations  for  Ethernet  (port-based 
and  virtual  LANs  [VLAN]),  ATM  (ATM 
Adaption  Layer  Type  5  and  cell  formats), 
Frame  Relay,  Point-to-Point  Protocol  and 
High-level  Data  Link  Control. 

Other  drafts  are  being  developed  that 
fine-tune  support  for  specific  traffic 
types.The  Fischer  draft  (which  vendors 


Petrosky  is  an  independent  technology  analyst  in  San 
Mateo,  Calif.  She  can  be  reached  at  mary@mpetrosky.com. 


such  as 
Alcatel 
and  Nortel 
support)  pro¬ 
vides  an  alterna¬ 
tive  encapsulation  for 
ATM. 

Once  traffic  is  encapsulated,  the  in¬ 
gress  Label  Switch  Router  (LSR) 
assigns  it  a  virtual  circuit  label.  This 
label  identifies  the  VPN,  VLAN  or  con¬ 
nection  end  point  (equivalent  to  a 
Frame  Relay  Data  Link  Connection 
Identifier,  for  example);  the  egress  LSR 
uses  the  virtual  circuit  label  to  deter¬ 
mine  how  to  process  the  frame.  Control 


protocols,  including  the  MPLS  Label 
Distribution  Protocol  and  Border 
Gateway  Protocol,  are  used  to  set  up 
the  emulated  virtual  circuits. 

For  its  part,  the  tunnel  label  deter¬ 
mines  the  path  a  packet  takes  through 
the  network  —  that  is,  LSRs  in  the  net¬ 
work  core  use  the  tunnel  label  for  pack¬ 
et  forwarding.  Numerous  emulated  vir¬ 
tual  circuits  can  be  carried  in  a  single 
tunnel,  which  aids  in  scalability. 

Vendors  are  supporting  a  variety  of 
MPLS  protocols,  including  Label 
Distribution  Protocol  and  Resource 
Reservation  Protocol-Tunneling  Ex¬ 
tension,  for  tunnel  setup. 
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Bluesocket  WG-1000 
wireless  gateway 


A  traffic  cop 
for  your 
wireless  LANs 


■  BY  TOM  HENDERSON,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 

luesocket  has  added  a  layer  of  security  between  wired  and  wireless  re¬ 
sources  via  its  WG-1000  gateway  which  acts  like  a  traffic  cop  for  your  wire¬ 
less  LAN.  Much  like  a  firewall  protects  an  intranet  from  the  Internet,  the 
WG-1000  protects  your  secured  wired  network  from  attacks  via  the  wireless  network. 
Using  IP  Security  the  gateway  can  give  a  higher  level  of  protection  than  access  points 
that  use  Extensible  Authentication  Protocol  or  Lightweight  Extensible  Authentication 
Protocol  for  authentication. 


We  recently  tested  the  WG-1000  and  found  that  it  could  successfully  protect  wire¬ 
less  resources,  despite  some  early  first-version  rough  edges  such  as  weak  documen¬ 
tation  and  complicated  installation. 

What  it  does 

Based  on  a  hardened  Linux  kernel  in  a  1U  (1.75-inch)  server  frame,  the  WG-1000 
sits  between  your  wireless  access  points  and  the  wired  network.  The  WG-1000  is 
agnostic  to  the  types  of  devices  on  both  sides  of  the  fence. 

When  the  WG-1000  is  interjected  between  a  wireless  client  and  protected  re¬ 
sources,  the  client  then  must  jump  through  hoops  to  “cross  over”  to  the  wired, 
secured  side.  Each  device  that  goes  through  the  gateway  is  confronted,  which  means 
that  while  Wired  Equivalent  Privacy  (WEP)  security  in  802.1  lb  can  be  cracked,  the 
gateway  still  can  stop  the  attack  from  reaching  the  wired  network. 

The  confrontation  takes  one  of  several  forms,  as  defined  as  a  WG-1000  roie.Through 
its  Web  interface,  we  created  several  types  of  roles.  In  turn,  users  fit  within  the  roles, 
which  are  analogous  to  operating  system  group  membership.  As  we  authenticated 
as  a  user,  our  "role”  permitted  us  various  protocols  (such  as  Web  access  and  FTP) 
and  gave  us  access  to  internal  hosts. 

Depending  on  the  role,  a  user  can  trigger  services  ranging  from  none  up  to  specific 
or  all  internal  hosts  and  protocol  permissions. 

All  roles  are  subject  to  reauthentication  through  Lightweight  Directory  Access  Pro¬ 
tocol  or  Windows  NT/LAN  Manager,  and  a  VPN  connection.  The  WG-1000  gateway 
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contains  an  integral  IPSec  VPN  (with  many  choices  of  encryption  method),  or  can 
proxy  IPSec  to  another  authenticator  (Check  Point  and  Windows  2000  Advanced 
Server)  running  IPSec. 

Class  of  service  is  also  provided,  which  lets  you  limit  bandwidth  per  user,  per  role 
and/or  per  IP  service.This  can  prevent  bandwidth  hogging,  and  also  keeps  users  that 
are  closer  to  access  points  from  dominating  their  access. 

VPN  makes  sense 

The  VPN  connection  makes  the  most  sense  in  successfully  securing  wireless  LAN 
managed  resources.  Hijacked  sessions  are  possible  if  you  don’t  force  the  use  of  a 
VPN.  With  a  VPN,  it  becomes  extremely  difficult  to  use  wireless  protocol  analyz¬ 
ers  or  Snort-like  applications  to  hijack  username/password  combinations  (such  as 
Challenge  Handshake  Authentication  Protocol  and  Password  Authentication  Pro¬ 
tocol)  and  subject  them  to  dictionary  or  XOR  logic  gate  attempts  that  have  cracked 
the  WEP  algorithm. 

If  VPNs  (especially  IPSec)  are  used  in  conjunction  with  the  WG-1000,  very  high 
protection  is  possible  (as  long  as  IPSec  is  configured  correctly). 

This  also  means  you  won’t  need  advanced  access-point  features,  because  the  link 
between  the  client  and  the  WG-1000  resources  will  protect  wireless  transmissions. 
It’s  still  possible  to  easily  get  an  association  with  a  wireless  gateway,  but  a  drive-by 
client  can’t  do  anything  with  the  session  because  the  hijacking  client  can’t  send 
encrypted  streams  using  the  negotiated  medium  between  the  client  and  the  gate¬ 
way  and  its  internal  and  protected-side  authentication  devices. 

The  WG-1000  includes  an  IPSec  gateway  and  server,  which  was  easier  to  configure 
than  the  Windows  2000  IPSec  implementation.  However,  the  gateway  will  also  work 
with  the  Win  2000  Advanced  Server  IPSec  implementation. 


WG-1000  wireless  gateway 


M  Company:  Bluesocket,  (866)  633-3358,  www.bluesocket.com 

fl,  1  Cost:  $6,000  as  tested.  Pros:  Isolates  and  contains  wireless 

■■  B  LAN  users;  ultratough  to  hijack  with  IP  Security;  extensible  and 
RATING  expandable;  controls  user  bandwidth.  Cons:  Obtuse/difficult 
setup,  weak  documentation. 


What’s  the  score? 


Security  40% 
Features  30% 
Management/Ease  of  use  10% 
Installation  10% 
Documentation  10% 
TOTAL  SCORE 


WG-1000 


4.1 


Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 


Installation  issues 

The  WG-1000  required  a  sophisticated  initial  setup.  Fortunately,  Bluesocket  said  ad¬ 
ditional  units  could  become  slaves  to  a  master  device,  so  settings  could  be  auto¬ 
matically  replicated.  We  did  not  test  this  because  we  only  had  one  unit.  Failover 
capability  is  also  said  to  let  a  successor  primary  WG-1000  be  established. 

Deploying  the  gateway  also  requires  that  existing  wiring  from  all  access  points  (or 
other  devices  that  you  want  to  manage)  be  connected  to  a  switch  or  hub  that  con¬ 
nects  to  the  WG-1000,  which  has  four  ports  (internal/external  and  up/down  slave). 
The  device  can  support  as  many  as  can  be  connected  to  one  jack  on  the  WG-1000 
through  a  hub  (or  better,  a  switch  that  exclusively  focuses  wireless  access  points  to 
the  managed  side  of  the  WG-1000  bridge).  One  could  support  many  hundreds  of 
potential  logons  at  one  WG-1000,  but  wiring  so  as  to  send  a  line  from  each  access 
point  to  a  hub/switch  connected  exclusively  to  the  bridge  is  mandatory  and  there¬ 
fore  causes  more  wiring  problems. 

In  many  campus  environments  or  buildings,  multiple  WG-lOOOs  are  necessary,  un¬ 
less  cabling  exists  to  connect  all  the  managed  devices  to  the  WG-1000.  Howe\  >  r '.  ■  >u 
can  reduce  this  expense  through  inexpensive,  non-feature-filled  access  point1  be 
cause  the  advanced  access-point  features  become  essentially  irrelevant  if  vo«j  u 
the  WG-1000  for  those  advanced  features. 

The  WG-1000  is  sold  through  value-added  resellers  (VAR)and  integrators  v.u,. 
may  support  prices  less  than  the  $6,000  retail  price  for  quantities  of  ur  ■.  L  m.-.i, 
organizations  will  require  quantities  if  this  type  of  deployment  is  -:K  id .\1  on. 

Some  rough  edges 

We  found  the  documentation  occasionally  skimpy  and  ambiguous  but  '  •  h..  ■  .• 
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read  it  because  there  are  no  help  screens 
inversion  1 .0  of  the  WG-1000  Web  interface. 
Also,  we  couldn’t  find  support  or  updates 
from  Bluesocket’s  Web  site  to  authenticate 
our  version  of  the  software. 

We  were  dismayed  that  tech  support  is 
not  24-7,  or  available  on  weekends.  Blue- 
socket  is  supported  through  VARs,  which 


are  ostensibly  required  to  support  the  pro¬ 
duct.  However,  we  found  the  missing  Web 
site  support  onerous. 

The  WG-1000  can  be  misconfigured  and 
is  not  foolproof. 

But  correctly  installed,  it  provides  au¬ 
thentication  and  encryption  support  that 
replaces  WEP  security  problems  with  VPN 


and  directory  service  authentication  that 
can  be  tough  to  crack.  So  far,  we  don’t 
know  of  a  way  to  crack  correctly  config¬ 
ured  IPSec  in  a  way  that  could  hijack  a 
session  or  compromise  authentication  in¬ 
formation  or  datastreams. 

Although  pricey,  the  WG-1000  is  an 
agnostic  way  to  contain  and  manage  wire- 
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TECHUPDATE 

"Whet?  you  get  to  the 
meet  of  the  matter  " 


Network  World's  Tech  Update:  Integrating  &  Managing  Wireless 

in  Your  Network  At  this  seminar,  explore  the  latest  developments  in 
wireless  networking.  Learn  what  new  products,  services  and  technologies  are  ready 
for  implementation  across  your  enterprise  -  and  deliver  real,  quantifiable  results. 

Hot  topics  include: 

•  Wireless  Security  •  Back-office  Support  •  Mobile  Data  Efficiency 

•  LAN  Performance  •  Industry  Standards  •  Global  Usability 

Register  today  for  this  free  event  using  your  VIP  code  WIR1  at: 

www.networkworld.com/seminars/wireless  or  call  800-643-4668 

To  become  a  sponsor  of  this  event  or  if  you  are  interested  in  an  on-site  seminar 
at  your  company,  contact  Andrea  D'Amato  at  508-490-6520  or  adamato@nww.co 
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less  LAN  users  while  leveraging  internal 
authentication  mechanisms  and  VPN  ele¬ 
ments  provided. 

It  suffers  from  Version  1.0  roughness, 
but  does  the  job  of  isolating  and  manag¬ 
ing  wireless  LAN  clients  well. 

Henderson  is  principal  researcher  for 
ExtremeLabs.  He  can  be  contacted  at  then 
derson  @extremelabs.  com. 


Global  Test  Alliani 


■  Henderson  is  a  also  member  of  the 
Network  World  Global  Test  Alliance,  a 
cooperative  of  the  premier  reviewers  in 
the  network  industry,  each  bringing  to 
bear  years  of  practical  experience  on 
every  review.  For  more  Test  Alliance  infor¬ 
mation,  including  what  it  takes  to  become 
a  member,  go  to  www.nwfusion.com/ 
alliance. 
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■  How  we  did  it 

L 

We  installed  the  WG-1000  to 
our  testing  network,  which 
included  several  Compaq 
Presario  700US  notebooks,  a  Sony 
PCG  ICX  notebook,  and  an  HP 
Pavilion  desktop  with  various 
802.11a  and  802.11b  cards  from 
SMC,  Agere/Orinoco,  and  Intel.  We 
connected  an  Intel  and  Agere/ 
Orinoco  802.11b  access  point,  and 
an  Intel  and  SMC  802.11a  access 
point. 

We  then  ran  tests  that  included 
session  hijacks  on  802.11b  cards, 
and  man-in-the-middle  crack  at¬ 
tempts  using  WEPCrack  and  Air- 
Snort  to  dictionary  attack  or  X0R 
attack  streams  in  an  attempt  to 
hijack  sessions. . 

We  were  successful  in  our  ability 
to  hijack  session  that  didn't  use 
VPNs,  but  used  access  point-based 
WEP  encryption.  However,  with 
Point-to-Point  Tunneling  Protocol 
(VI. 1)  or  IPSec  (Bluesocket  or  Win¬ 
dows  2000-based  with  Windows 
2000  certificate  authority),  we 
couldn’t  hijack  sessions. 

Added  security  authentication  to 
LDAP  (via  OpenLDAP  1.3  on  SuSE 
Linux  7.3  hosted  on  a  Gateway- 
brand  server)  worked,  as  did 
NTLM  authentication  against  Win¬ 
dows  2000  Advanced  Server  (SP2, 
hosted  on  a  Compaq  ProLiant  3000 
server).  Guest  account  access, 
when  enabled  on  the  WG-1000  also 
worked  correctly  when  focused 
directly  at  our  internal  firewall/ 
NAT/gateway,  although  such  ses¬ 
sions  could  be  hijacked  because 
they  used  no  VPN  software,  and 
therefore  the  sessions  were  unpro¬ 
tected  from  a  WEPCrack  attack. 
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Peribit  Networks’  SR- 
50  Sequence  Reducer 


Bandwidth  for 
nothing  and 
your  T-3  for 
free. 


BY  BARRY  NANCE,  NETWORK  WORLD  GLOBAL  TEST  ALLIANCE 


Imagine  telling  your  telephone  company  representative,  who  dutifully  arrives  at 
WAN  upgrade  time  to  sell  you  additional  bandwidth, “No,  thanks;  I’ve  found  a  way 
to  make  ourT-1  lines  carry  more  than  1.544M  bit/sec.  I’ll  stick  with  my  existing 
T-l  lines  until  next  year’’ 


Data  communication  lines  are  expensive.  Depending  on  which  carrier  you  lease  a 
T-l  line  from  and  the  distance  it  carries  your  data,  each  line  typically  costs  from  $800 
to  several  thousand  dollars  per  month. The  peaks  and  valleys  of  daily  use  mean  you 
have  to  lease  enough  bandwidth  for  the  busiest  periods.  When  the  busy-period  traffic 
exceeds  current  bandwidth,  you  have  to  lease  additional  bandwidth.  While  frame 
relay  and  fractional  T-l  provide  incremental  costs,  lease  rates  for  T-3  and  higher  speeds 
are  rarely  available  in  fine  gradations. 

To  solve  this,  Cisco,  Lucent  and  other  vendors  offer  software  compression  options  in 
their  router  operating  systems  and  hardware  compression  modules.  Shrinking  the 
data  before  it  traverses  a  WAN  link  and  fluffing  it  up  at  its  destination  lets  the  link  han¬ 
dle  more  traffic. 

A  relative  newcomer, Peribit  Networks  claims  its  SR-50  Sequence  Reducer  takes  com¬ 
pression  to  new  heights.  We  tested  a  pair  of  SR-50s  to  determine  the  extent  to  which 
their  compression  could  save  bandwidth  dollars  for  frame  relay  fractional  T-l,  full  T-l 
and  full  T-3  WAN  links.  We  evaluated  the  SR-50  not  only  for  its  ability  to  reduce  utiliza¬ 
tion  but  also  its  user  interface  (for  configuration  and  usage  statistics),  reliability  docu¬ 
mentation  and  installation. 

SR-50  Sequence  Reducer  is  an  excellent  but  somewhat  pricey  tool  for  helping  WAN 
links  carry  more  traffic.lt  typically  shrank  data  by  a  factor  of  about  four,  was  highly  reli¬ 
able,  the  user  interface  was  a  joy  to  operate,  and  installation  was  a  10-minute  breeze. 

Honey,  I  shrank  the  packets 

SR-50s  compression  ratio  averaged  4.6-to-l  across  all  our  tests  (see  How  we  did  it, 
right),  varying  from  2.7-to-l  to  9.4-to-l  for  several  mixtures  of  traffic  types.  We  observed 
the  least  compression  when  half  the  traffic  consisted  of  accessing  already-compressed 
ZIP  files  on  a  file  server,  and  we  observed  the  greatest  compression  when  half  the  traf¬ 
fic  consisted  of  e-mail  messages  that  were  4K  to  8K  bytes. Traffic  consisting  predomi¬ 
nately  of  database  transactions  experienced  a  compression  ratio  of  6.6-to-l.Web  page 
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SR-50  Sequence  Reducer 
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M  ■■  Company:  Peribit  Networks,  (866)  737-4248,  www.peribit.com 
Cost:  Starts  at  $15,000  each.  Pros:  Excellent  traffic  compression 
(better  than  Cisco's),  highly  reliable,  easy  installation  and 
RATING  configuration.  Cons:  More  expensive  than  the  equivalent  Cisco 
compression  feature. 


What's  the  score? 

SR-50  Sequence  Reducer 

Bandwidth  savings  40% 

4 

Reliability  30% 

5 

Ease  of  use  10% 

5 

Installation  10% 

5 

Documentation  10% 

4 

TOTAL  SCORE 

4.5 

Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 


How  we  did  it 


Our  testing  network  consisted  of  two  Fast  Ethernet  subnet  domains 
connected  by  Cisco  and  Lucent  routers  and  back-to-back  Visual 
Networks  DSU/CSUs.The  frame  relay  link  had  a  committed  informa¬ 
tion  rate  of  256K  bit/sec  and  could  burst  up  to  384K  bit/sec.  An  Agilent  Ad¬ 
visor  protocol  analyzer  generated  packets  and  decoded  and  displayed  net¬ 
work  traffic. 

intensive  traffic  compressed  at  ratios  from  3.5-to-l  for  pages  containing  large  numbers 
of  already-compressed  graphic  images,  to  8-to-l  for  pages  containing  mostly  text. 

SR-50  has  two  RJ-45  ports,  a  serial  port  and  a  Universal  Serial  Bus  (USB)port. 
Connecting  an  ASCII  terminal  or  PC-based  terminal  emulator  via  the  serial  or  USB 
port  lets  you  use  SR-50’s  command-line  interface.  One  RJ-45  port  connects  to  a  switch 
or  hub,  and  the  other  RJ-45  port  connects  to  the  router.  In  other  words,  you  insert  SR- 
50  into  a  connection  between  a  router  and  switch  or  hub.  Because  the  unit  com¬ 
presses  all  traffic  flowing  through  it,  SR-50  works  best  in  a  switched  environment. 
Connecting  the  unit  to  a  hub  and  router  (as  opposed  to  a  switch  and  router)  didn’t 
slow  SR-50  down  in  our  tests.  However,  because  hub-connected  devices  receive  all 
traffic,  we  suspect  that  if  SR-50  were  ever  to  bog  down,  it  would  happen  when  con¬ 
nected  to  a  hub. 

When  we  simulated  hardware  failures  by  powering  down  SR-50,  it  went  into  bypass 
mode  to  make  sure  the  traffic  kept  flowing.  In  general,  the  unit  is  well  designed  and 
highly  reliable. 

Besides  the  command-line  interface,  SR-50  sports  a  Web-based  interface  for  config¬ 
uring  the  unit  and  viewing  compression  statistics.  Installing  the  unit  takes  only  a  few 
steps,  and  the  documentation  is  clear,  comprehensive,  well-indexed  and  rife  with 
screen  illustrations,  but  it’s  only  available  online.  SR-50’s  compression  technology  is 
better  than  Cisco’s  (4.6-to-l  vs.  only  2.9-to-l),  but,  as  an  example,  Cisco  VPN 
Acceleration  Module  costs  only  $5,000.  Also,  because  compression  depends  on 
repeated  data  patterns  to  work,  and  encryption  randomizes  data  destroying  the  data 
patterns, attempting  to  compress  (via  Peribit  or  Cisco)  encrypted  data  typically  results 
in  larger,  not  smaller,  packets. 

Conclusion 

If  you  have  a  WAN  link  you’re  planning  to  upgrade  because  its  usage  is  increasing, 
consider  saving  money  by  using  compression  to  prolong  the  life  span  of  the  link. 
While  we  observed  a  compression  ratio  of  4.6-to-l  with  SR-50,  your  mileage  may 
vary  To  analyze  your  own  environment  and  the  link’s  growth  rate,  determine  its  cur¬ 
rent  utilization,  note  the  cost  of  the  link  and  the  planned  upgrade,  and  factor  in  a 
conservative  compression  ratio  of  2-to- 


1 .  If  the  calculations  show  you  can  save 
money  by  buying  a  pair  of  SR-50s 
(don’t  forget  to  also  do  the  math  for  the 
Cisco  option)  to  stave  off  the  planned 
upgrade,  you  should  think  seriously 
about  compression. 

Nance ,  a  software  developer  and  con¬ 
sultant  for  29  years,  is  the  author  of 
Introduction  to  Networking,  4th 
Edition  and  Client/Server  LAN 
Programming.  He  can  be  reached  at 
barryn  @erols.  com. 
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■  Nance  is  also  a  member  of  the  Mu 
work  World  Global  Tost  Alliance,  a  cu.rur ; 
tive  of  the  premier  reviewers  in  the  nr* 
work  industry,  each  bringing  to  hear  years 
of  practical  experience  on  every  review. 

For  more  Test  Alliance  information,  includ¬ 
ing  what  it  takes  to  become  t  member,  go 
to  www.nwfusion.com, alliance. 
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JUSTIFICATION 


IT  malpractice 


When  products  or  consultants  fail  to  do  the  job,  companies  are  calling  in  the  lawyers. 


■  BY  ANN  BEDNARZ 

Imagine  a  retailer  plans  to  revamp  its  Web  site  in  time  for  the  holi¬ 
day  shopping  season  using  new  software  and  a  systems  integrator. 
But  it’s  February  by  the  time  the  new  site  is  operational. The  retail¬ 
er  limped  through  December  with  its  old  site,  sales  are  down,  cus¬ 
tomer  satisfaction  is  at  an  all-time  low,  and  the  Federal  Trade 
Commission  is  investigating  the  company’s  problems  fulfilling 
online  orders.  Was  it  simply  a  bad  season  or  dereliction  of  duty? 


Increasingly,  IT  customers  are  crying 
malpractice  and  railing  against 
slipped  implementation  schedules, 
compounded  consulting  fees  and  dis¬ 
appointing  product  performance.  No 
one  expects  a  software  rollout  to  be 
perfect,  but  when  the  process  seems 
to  yield  more  flaws  than  fixes,  some 
clients  turn  to  litigation. 

One  of  the  most  infamous  examples 
is  FoxMeyer,  which  says  its  enterprise 
resource  planning  rollout  was 
botched  so  badly  that  it  was  forced 
into  bankruptcy  The  drug  distributor 
filed  lawsuits  in  1998  against  software 
company  SAP  and  Andersen 
Consulting  (now  Accenture).  The 
case  is  still  unresolved  as  trial  dates  — 
scheduled  in  federal  and  Texas  state 
courts  for  September  and  June  of  this 
year,  respectively  —  draw  close.  At 
stake  is  a  combined  $1  billion  in  dam¬ 
ages  that  FoxMeyer  seeks  from  the 
defendants. 

The  compensation  sought  by 
FoxMeyer  isn’t  too  unusual.“You’ll  see  some 
pretty  crazy  numbers,”  says  Tim  Ehrhart, 
assistant  vice  president  and  leader  of  the 
errors  and  omissions  (E&O)  practice  at 
Chubb  Group  of  Insurance  Companies. 
E&O  for  IT  vendors  is  the  equivalent  of 
medical  malpractice  insurance  for  doc¬ 
tors.  A  vendor  that  buys  E&O  insurance  and 
is  subsequently  sued  can  count  on  its  insur¬ 
er  to  play  a  role  in  settlement  negotiations 
and,  if  the  lawsuit  progresses  that  far,  even¬ 
tually  offset  or  absorb  the  vendors  liability. 

During  the  past  five  years, Chubb  has  seen 
a  nearly  tenfold  increase  in  the  number  of 
$1  million-plus  claims,  Ehrhart  says.  “The 
stakes  get  high  because  today  we're  so 
dependent  on  technology’  Ehrhart  says.  He 


Litigation  nation 

Because  disappointing  performance, 
delivery  delays  and  product  defects 
are  among  the  reasons  companies 
resort  to  litigation  . . . 

Causes  for  litigation: 

Functionality  and/or  performance  of  delivered 
product  didn’t  live  up  to  claims  of  maker: 


67% 


Promised  delivery  date  slipped  several  times: 


56% 


Defects  in  vendor's  product  make  the 
product  unusable: 


45% 


SOURCE  CUTTER  CONSORTIUM 


Commission  during  a  40-month  period,  business 
However, “not  a  single  tax  was  implement-  needs, 
ed  during  the  64-month  term  of  the  con-  Key  to  align- 
tract,”  according  to  an  ITS  statement.  ing  expecta- 

Settlement  attempts  failed,  the  case  tions,  there- 
made  it  to  trial,  and  a  jury  in  August  2000  fore,  is  the  con- 
awarded  the  state  of  Mississippi  $475  mil-  tract  phase.  In 

lion  in  actual  and  punitive  damages.  Post-  his  work  at 

verdict  negotiations  between  the  parties  G  a  d  s  b  y 
reduced  the  settlement  to  $185  million  Hannah, 
over  several  years.  Zucker  helps 

While  there  have  been  only  a  handful  of 
headline-grabbing  cases,  disputes  between 


More  online! 


. . .  experts  recommend  to  keep  in  touch 
with  vendors.  Frequent  meetings  can 
keep  problems  from  escalating,  but 
few  companies  heed  that  advice. 

Frequency  with  which  IT  contracts  are  reviewed: 

Never  7%  Once  a  year  34% 

- 1 

Every  month  7% 


cites  one  U.K.  company  that  is  seeking  $200 
million  in  consequential  damages  stem¬ 
ming  from  an  IT  contract  originally  worth 
$80  million. 

How  much  of  such  claims  typically  gets 
paid  is  unknown,  except  perhaps  to  the 
insurance  companies.  Most  IT  disputes  are 
settled  out  of  court,  so  there  are  few  legal 
precedents  on  which  to  gauge  plaintiffs’ or 
defendants’  success. 

One  very  public  exception  is  a  lawsuit 
filed  by  the  Mississippi  Department  of 
Information  Technology  Services  (ITS) 
against  American  Management  Systems 
(AMS).  The  original  $11  million  contract 
called  for  AMS  to  build  an  automated  tax 
system  to  collect  36  taxes  for  the  state’s  Tax 


once  a  year 

20% 


IT  vendors  and  customers  are  more  com¬ 
mon  than  you  might  think.  Cutter  Con¬ 
sortium  found  an  eye-popping  78%  of  sur¬ 
vey  respondents  said  their  IT  organizations 
have  been  involved  in  a  dispute  that  result¬ 
ed  in  litigation  (see  graphic). 

A  big  part  of  the  problem  is  mismatched 
expectations,  says  William  Zucker,  a  senior 
analyst  at  Cutter  and  partner  at  law  firm 
Gadsby  Hannah,  where  he  heads  the  firm’s 
litigation  and  technology  practices.  The 
vendor  goes  by  defined  contractual  obliga¬ 
tions,  whereas  the  client  looks  to  solve  busi¬ 
ness  issues,  Zucker  says.  Standard  business 
terms  and  contractual  provisions  may  be 
inadequate  for  an  arrangement  between  a 
client  and  supplier  that  is  to  fulfill  critical 


Read  about  PricewaterhouseCoopers’ 
study  of  120  IT  litigation  cases  that 
occurred  over  a  25-year  period. 
DocFinder  8823 

companies  prepare  their 
requests  for  proposal, evaluate  vendors  and 
draft  contracts  that  include  conflict-  and 
change-management  provisions. 

Zucker  recommends  a  contract 
include  a  mechanism  for  meeting  on 
a  regular  basis  —  ideally  monthly  — 
to  review  contract  status,  perfor¬ 
mance,  problems  and  successes.  Not 
only  do  you  build  up  personal  rela¬ 
tionships,  but  you  also  discover  along 
the  way  the  little  things  that  need  dis¬ 
cussing,  he  says.  “If  you  tweak  those 
along  the  way  you  avoid  big  lurches 
later  on,”  Zucker  says. 

What’s  more,  a  company  needs  to 
plan  for  how  it  will  end  a  contractual 
relationship  with  a  vendor,  whether 
because  a  contract  expires  or  is  ter¬ 
minated,  Zucker,  says.  And  that 
requires  cooperation  upfront  from 
the  vendor.  If  a  vendor  isn’t  willing  to 
discuss  exit  strategies,  “that’s  the 
wrong  vendor/  Zucker  says. 

Here’s  some  other  negotiating 
advice  that  might  help  you  avoid  a 
legal  conflict  —  or  protect  you  if  one 
becomes  inevitable. 

•  Document,  document,  document. 
Put  in  writing  any  requests  for  changes  to 
the  IT  project  scope.  Document  any  prob¬ 
lems  during  the  project.The  more  support¬ 
ive  documentation  there  is  for  a  legal  bat¬ 
tle,  the  better. 

•  Consider  requiring  malpractice  insur¬ 
ance.  Some  companies  will  work  only  with 
vendors  that  provide  proof  of  not  only  gen¬ 
eral  liability  insurance  but  also  profes¬ 
sional  liability  coverage,  Ehrhart  says. 

•  Address  damages  in  the  contract. 
Vendors  will  likely  want  to  impose  liability 
limitations  —  some  will  go  as  far  as  to  push 
provisions  that  absolve  them  from  all 
responsibility  for  consequential  damages. 
Clearly,  that’s  a  bad  idea  for  clients,  Ehrhart 
says.B 
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You  asked  for  a  KVM  switch  that  could  do  more.  We  delivered. 

The  Avocent  DS  Series  combines  analog  and  KVM  over  IP™  connectivity  to  give  you 
access  to  your  servers  from  any  location  you  choose.  Our  DS  Series  gives  you  much 
more  than  just  control  of  your  servers.  Now  you  can  use  the  power  of  IP  to  control 
servers,  routers,  firewalls  and  power  devices  -  all  from  a  single  screen!  Plus,  CAT  5 
connections  simplify  installation,  and  our  IP  architecture  makes  adding  servers  as 
easy  as  point  and  click. 

To  learn  how  Avocent  can  deliver  for  you,  download  a  free  KVM  Tech 
Guide  today  at  www.kvmguide.com  and  see  how  much  more  Avocent's 
DS  Series  can  do. 

Avocent  the  Avocent  logo, "The  Rawer  of  Being  There”,  "KVM  over  IP”  and  DSView  are  trademarks  of  Avocent  Corporation.  AH  other  marks  are 
the  property  of  their  respective  owners.  Copyright  4  2002  Avocent  Corporation. 


DSView  gives  you  "Click  and  Connect' 
access  and  control  of  all  the  KVM  and  serial 
devices  in  your  data  center. 
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The  Power  of  Being  There  , 


Try  SharkRacks™.  Our  rack-mount  units  will 
safely  house  virtually  any  19”  EIA  standard  unit. 
Have  Suns?  No  problem.  What  about  Cisco  gear, 
or  Compaq,  or  HP  servers?  Sure.  We  can  rack 
that.  With  SharkRack  you  get  a  great  looking 
cabinet.  Our  space  savings  and  cabling  features 
will  organize  your  systems.  Most  importantly,  with 
our  NetBotz  unit  watching  over  your  systems, 
you’ll  always  know  what’s  going  on.  Call  us  today 
or  log  on  for  more  details  to  see  how  we  can  help 
you  save  space,  keep  cool,  and  look  good. 


vSHARK  877-427-5722 
l?ACK  www.sharkrack.com 


Wondering  How  To  Get  More 
Out  Of  Your  Data  Center? 


Copyright  SharkRack,  Inc.  SharkRack  is  a  trademark  of  SharkRack  Inc.  All  rights  reserved.  NetBotz  is  a  trademark  of  RackBotz  Inc.  HP  is  a  trademark  of  Hewlett  Packard,  Inc.  Compaq  is 
a  trademark  of  Compaq  Corp.  Sun  is  a  trademark  of  Sun  Microsystems,  Inc..  Cisco  is  a  trademark  of  Cisco  Systems,  Inc.  All  other  trademarks  are  the  property  of  their  respective  holders. 


SharkRack™ 
Systems  are  the 
leading  racking 
solution  for  multi¬ 
vendor  configura¬ 
tions.  We  rack 
Sun™,  Cisco™, 

■  Compaq™,  HP™ 
and  almost  any 
19”  EIA  standard 
unit.  Our  current 
Sun™  rack-mount 
kits  include: 


The  SharkRack  LCD  monitor  and 
keyboard  has  TFT  quality  video 
imaging  on  a  sliding  tray  that  is 
only  1.75”  high. 


SunFire™  3800- 

4800  series 

servers 

E3500,  E4500 

A5000 

T-3 

Many  more, 
see  web  site 
for  details 


The  NetBotz™  RackBotz  unit 
installs  in  a  cabinet  and  monitors 
internal  conditions.  If  a  problem 
occurs,  it  will  send  out  an  alert  by 
email,  pager,  or  other  device. 
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CONTROL  IT 


SECURE  IT 
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Rose  Electronics 


Houston,  Texas  77099 

281-933-7673 


The  UltraLink  is  the  Rose  Electronics  answer  to 
Modem  and  Ethernet  remote  accessl 
Server  access  over  IP  technology  allows  you 
access,  control  and  provide  computer 
maintenance  from  anywhere  in  the  world, 
combined  with  Rose  KVM  switch  technology, 
server  management  administrators  can  have 
faster  access  saving  time  and  money. 

With  dial-in,  dial-back  security  and  high- 
resolution  quad  screen  and  SSL  encryption,  the 
UltraLink  raises  the  KVM  industry  bar  in  remote 
server  access. 

A  KVM  industry  pioneer,  Rose  Electronics  is 
recognized  for  superior  KVM  switch  technology. 
Product  integrity,  simplicity,  and  reliat 
the  hallmarks  of  all  Rose  products. 

Call  Rose  to  learn  more  about  remote 
management  today. 


800-333-9343 


WWW.ROSE.COM 
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Universal  Edge  600  Series 

Formerly  a  Sonoma  product  and  manufactured  by  Nortel  Networks 


Delivering  Flexible  &  Seamless 

Integrated  Access  Solutions 


Enabling  Integrated  Services 


Flexible  Network  Connectivity 
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To  deliver  next-generation  voice  and  data  services,  quickly  and  seamlessly, 
you  need  superior  network  agility.  The  Universal  Edge  600  series  from 
CTDI  provides  all  the  agility  you  need  with  powerful,  future  ready  capabilities 
and  features  that  make  it  easy  to  install,  operate  and  upgrade. 

The  Universal  Edge  600  portfolio  of  Broadband  Integrated  Access  Devices 
delivers  next-generation  voice  and  data  services  over  a  packet  infrastructure. 
The  Universal  Edge  600  series  provides  business-class  solutions  for  data, 
including  high-speed  Internet  access,  LAN  inter-working,  frame  relay, 
cell  relay,  and  video  transport.  In  addition,  the  Universal  Edge  600  provides 
the  ultimate  flexibility  for  delivering  voice  services.  The  Universal  Edge  600 
is  ideal  for  small,  medium,  and  large  businesses,  offering  solutions  that 
support  from  12  to  24  analog  phones  to  multiple  DSIs/Els  of  voice. 


Universal  Edge  600  offers  network  connectivity  options  from  1.5  to  155  Mbps. 

For  DS1/E1,  service-selectable  ports  can  be  software  defined  for  UNI,  Inverse 
Multiplexing  over  ATM  (IMA),  or  Circuit  Emulation  Services  (CES). 

This  unique  feature  allows  the  network  connection  to  expand  from  a  cost-effective 
DS1/E1  to  a  maximum  of  4  DSIs/Els  without  a  forklift  upgrade.  DS3/E3  and 
optical  interfaces  eliminate  the  access  bottleneck,  extending  high-speed 
services  to  the  customer  premises.  OC-3c/STM-1  optical  interfaces  include 
multimode,  single  mode-intermediate  reach,  and  single  mode-long  reach  optics. 

The  ATM  Advantage 

Universal  Edge  600  delivers  Quality  of  Service  (QoS)  benefits  inherent  to  ATM. 
Different  traffic  types  require  different  classes  of  service:  voice  traffic,  for  example, 
requires  more  predictable  delivery  and  higher  priority  than  data.  These  QoS 
requirements  are  met  through  traffic  shaping  and  the  assignment  of  traffic  to 


different  ATM  v 
Cell  Rate  Algor 
service  categor 


rtual  circuits  (VCs).  Traffic  shaping  based  on  the  Generic 
thm  is  designed  to  ensure  a  smooth  flow  of  traffic  in  each  of  the 
es:  Constant  Bit  Rate,  Variable  Bit  Rate-real  time,  and  Variable 
Bit  Rate-non  real  time.  Transmit  queuing  is  done  on  a  per-VC  basis. 
By  providing  differentiation  on  a  per-VC  basis,  the  QoS 
is  guaranteed  end-to-end  across  the  network. 
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"For  flexibility  and  wise  of  operation  with  the  advanced  Voice  andidata 
services  tha  t  bu  si  peases  demand,  the  Universal  Edge  600  portfolio  ^ 
of  Broadband  Integrated  Access  Devices  is  unsurpassed" 


Universal  Edge  l 


of  Broadband  Integrated  Access  Devices  is  unsurpassed"  ■ 
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Call  today  for  more  information  o00.4oo.Uo9o  or  browse  our  on-line  inventory  @  WW 
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The  Hub  of  the  Network  Buy 
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There  ts  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 
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Observer 
$ 995 


Expert 

Observer 

$2895 


Observer 
Suite 
$ 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot"  logo  are  registered  trademarks  of  Network  Instruments,  LLC, 
All  other  trademarks  are  property  of  their  respective  owners. 


BuyUptime.com 

Your  One-Stop  Shop  for  High  Availability  Products 

High  Availability  Made  Easy  ■n»"— ■ ■  . . . . ■■■— — — — 

As  a  leading  supplier  of  end-to-end  UPS  power,  thermal  cooling  and  management  solutions,  BuyUptime.com 
can  accommodate  the  level  of  availability  many  customers  have  come  to  require.  Join  us  today  and  let 
BuyUptime  be  your  one-stop  shop  for  high  availability  solutions. 


Net  work  AIR  RM  Air  Distribution  Unit 


Put  cooling  right  where  you  need  it  - 

in  the  enclosure! 

This  unique,  2U,  rack-mounted  fan  tray  works  with  existing  preci¬ 
sion  air  conditioning  systems  to  deliver  additional  cool  air  to 
rack-enclosed  equipment.  Install  this  unit  at  the  bottom  of  your 
enclosure  and  the  unit's  dual  fan  system  will  pull  cool  air  up 
from  the  raised  floor,  directly  cooling  your 
equipment,  thereby  eliminating  localized  hot  spots. 


Call  Toll  Fret  888-288-8843 

or  visit  us  on  the  Web  -  www.buyuptime.com 


©2002  Systems  Enhancement  Corp  All  Trademarks  are  the  property  of  their  owners 
Call:  888-288-8843  •  Fax  (877)  411-2080  •  E-mail  customerserviceObuyuptime  com 
801  Corporate  Centre  Drive,  St  Charles,  MO  63304  •  BY2A1EP-USC 


■  Fits  most  leading  enclosure  designs 


FREE  CATALOG! 

To  see  our  complete  selection  of  high  availability 
solutions,  order  your  FREE  BuyUptime.com  catalog. 


For  special  pricing  go  to: 

http://promo.buYuptime.com  and  enter  Key  Code  e512y 


(Includes  Shipping  &  Handling) 


Benefits  Include: 

■  Provides  the  additional  airflow 
needed  to  cool  densely 
packed  enclosures 

■  Dual  fans  provide  an  air  pattern  that  equalizes  airflow 
to  the  top  and  bottom  of  your  rack  equipment 

■  Enhances  air  quality  to  equipment  by  providing  30% 
efficient  filtration 
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NctworkWorld's 


The  Hub  of  the  Hetwork  Buy 


Marketplace 


READY 


www.cyciaaes.com 

1-888-CYCLADES  1-888-292-5233 
510-770-9727 
sales@cyclades.com 
Fremonl,  CA 


"The  Cydades-TS  Series  of  Console  Access  Servers  provides  the  highest  port  density 
and  security  at  a  very  competitive  price.  By  using  Linux  as  the  embedded  OS,  it 
offers  the  flexibility  required  to  manage  our  dynamic  environment. 

The  Cydades-TS  is  a  key  element  to  help  us  keep  our  servers  up  and  running." 

-  Pete  Kumler,  Manager  of  Site  Operations,  Yahoo!  Inc. 


Cyclades-TS  Series  Console  Access 

•  1/4/8/16/32/48  RS-232  ports  on  1U  of  rack  space 

•  First  Linux-based  Terminal  Server  in  the  market 

•  IP  Filtering,  RADIUS,  and  Secure  Shell  (SSHv2) 

Sun,  HR  and  IBM  compatible 


Linux,  FreeBSD, 

No  unintentional  breaks  (Sun)  LINUX 

i  Solaris' l 

Off-line  data  buffering  ,n%de 


CAS  booklet  at  www. 
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western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  •  92618-2517 


See  us  at  Networld+lnterop,  Booth  #8526 


Keeping  the  Net...Working! 


vmw.wti.com 


(800)  854-7226 


Telnet  and  Dial-Up  Network  Power  Switch 

Reboot  Locked-up  Equipment 


Individually  Controlled  Outlet  Rugs  (8) 


lOBase-T  Ethernet 
Interface 


Dual  15  Amp 
Power  Circuits 


19”  Rack  Brackets 
Allow  Front,  Back, 
or  Center  Mounting 


Modem  Port  for 
Out-of-Band  Management 


Local  RS232  Console  Port 


(  Network  Power  Switch  (NPSp) 

8  Individual  Outlets  •  Outlet-Specific  Password  Security 

On/Off/Reboot  Switching  •  Network  Security  Features 

Integral  1 0Base-T  Interface  •  1 1 5-VAC  (230- VAC  available) 
Co-Location  Features  •  Power-Up  Sequencing 


Telnet  and  Dial-Up  Console/AUX  Port  Switch 

Cost  Effective  Terminal  Server  Alternative 


AC  or -48V  DC  Power 

RS232  Ports 


1 0Base-T  Ethernet  Interface 


19”  Rack  Mounted 


(^Console  Management  Switch  (CMS) ) 


•  8, 16  or  32  RS232  DB-9  Serial  Ports 

•  Simultaneous  Telnet  Sessions 

•  Non-Connect  Port  Buffering  -  32K 

•  IP  Security  Features 

•  Modem  Auto-Setup  Command 
Strings  (User  Definable) 

•  NEBS  3  Approved 


ROUTER  DSU/CSU 

CONSOLE  CONSOLE 

m 
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INSOLE 


CONSOLE 


CMS-16 


REMOTE  AOMNSTTWUR 


LOCAL  TERMINAL 


They  gave  us  an  hour,  we  gave  them  3  seconds. 


Web  site  acceleration  deployed  in  under  an  hour. 


Faster  Performance 

T|X  optimizes  and  compresses  out¬ 
bound  data  in  real-time,  accelerating 
server  response  time  and  user 
downloads. 

Maximize  Server  Capacity 

T|X  eliminates  the  I/O  inefficiencies  of 
content  servers,  drastically  expanding 
their  load  carrying  capabilities. 

Reduce  Costs 

Besides  eliminating  servers,  rack  space, 
management  and  licensing  costs,  T|X’s 
real-time  compression  typically  cuts 
bandwidth  use  by  50%. 


Redline  Networks’ ™ 


We  all  know  it’s  true  —  the  Internet  isn’t 
fast  enough  and  faster  downloads  are 
always  better.  Now,  sites  can  accelerate 
downloads  of  static  and  dynamic  content 
to  all  of  their  users  by  deploying  Redline 
Networks’  T|X  acceleration  appliance  in 
their  data  center.  It’s  that  easy.  It  takes  less 
than  an  hour,  it  makes  your  whole  sice 
faster,  and  it  cuts  your  bandwidth  bill  too. 


Reduce  Bandwidth  Needs  by  50%  •  Deploy  in  About  an  Hour 


www.RedlineNetworks  com  For  more  information:  1  877.550  6420 


Be/Ur  Performance  is  Better  Business. 


Sentry  :  PowerTower 


using  Zero  U 

of  rack  space? 


16  remotely  addressable  power  outlets  — 
The  highest  density  available  of  any 
Remote  Power  Management  vertical  strip. 
30-amp  power  input  feed  distributed 
across  16  outlets. 

Mounts  vertically  in  your  equipment  rack  or 
cabinet  and  requires  Zero  U  of  rack  space. 
Load  Sense  provides  real-time  current 
monitoring  In  the  remote  screen  interface 
and  through  a  built-in  LED  display  for  on¬ 
site  measurement 

Power-up  sequencing  of  all  16  outlets 
prevents  an  In-rush  current  overtoad. 
Telnet,  SNMP,  Modem  or  RS-232  Interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
internetworking  equipment 


Install  the  new  Sentry  Power  Tower  In 
your  data  center,  NOC  or  co-to  facility 
nd  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

Try  the  New  Sentry  Power  Tower  in  your 
rack  or  cabinet  and  realize  the  benefits 
of  Intelligent  Power  Distribution  and 
Remote  Power  Management 


See  our  complete  product  line  at  wwwservertech.com 
or  call  800.835.1515  or  775J«q-20oo 


Another  great  product  from 

Sen*  Technology,  Inc 
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New 

Routers 

Switches 


Authorized  Reseller 
Sell  Lease  R 
Refurbished  l 

Nortel  E 


A  W  'M. 

Memory 

ISDN 


Repair 

Used 

DSU/CSUs 

3Com 


1  877  231  2451 


\umm 

[DflmfpftODUCTl 


www.wdpi.com 

Email:  dsco6@wdpi.com 


Cisco  Systehs 


ICSA  Certified 


System  Software 

Features  include: 

•  High  Performance 

•  Built-in  IPsec  VPN 

•  Stateful  Packet  Inspection 

•  Dynamic  &  Static  NAT 

•  PPP  and  PPPoE  Support 

•  DHCP  Services 

•  DNS  Server 

•  Mobile  VPN  Client  Support 

•  Content  Filtering 

•  Gigabit  Ethernet 

•  Secure  Remote  Management 

•  Email  Proxy 

Sales: (800)  775-4GTA 
Tel:  (407)  380-0220 
Email:  info@gta.com 
Web:  http://www.gta.com 


Security 


Firewall  Appliances 


RoBoX  Firewall 

Remote  offke/branch  office  versatile  firewall 
appliance  for  offices  with  fewer  users. 


GB-1000  Firewall/VPN  Appliance 

High  performance,  firewall  with  unlimited  user 
license,  IPSec  VPN  and  High  Availably  feature. 


Firewall  Software  Systems 


GB-  Flash 

All  the  power  and  functionality  of  the  GB-1000  on  an  ear  y  ro 
install,  solid-state  flash  memory  module. 

GNAT  Box  Pro 

Simple,  powerful,  high  value  firewall  that  runs  and  loot'  o  r 

floppy  diskette  on  a  486  CPU  (or  higher)  and  16MB  of  RAM 


Global  Technology  Associates,  Inc. 

Firewall  developers  since  1994 


y 
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RACK  MOUNT  TFT  DISPLAYS 

We  provide  the  solutions  for  your  rack  mount  display 
requirements  with  our  innovative  TFT  product  line. 


KEYBOARD,  TOUCHPAD  AND  TRACKBALL  OPTIONS 
1U.2U  AND  PANEL  MOUNTED  CONFIGURATIONS 
12.1”,  13.3”,  15”  AND  17"  TFT  DISPLAY  SIZES 

Contact  us  for  more  information. 

www.recortec.com  1-800-729-7654  info@recortec.com 

Proudly  manufactured  in  the  U.S.A.  by 

RECORTEC,  INC. 

1620-A  Benyessa  Road  San  Jose,  Ca  95133  Tel:  (408)  928-1480  Fax:(408)729-3661 


Provide  4  or  8  V.90/V.34  data  and  fax  modems 
in  one  easily-installed  easily-configured  adapter. 

•  4  or  8-port  adapters 

•Scalable  to  32  ports  per  server^d^^ 

•  Lowest  CPU  utilization 
•Installs  in  minutes  yw 

•  Requires  no  interropts*>&^ 


Equinox  Multi-modem  Adapters  provide 
up  to  44%  savings  over  the  leading 
competitors  of  similar  products. 


4  Fax  server 
Dial  access 
Data  collection 
Modem  pooling 
Internet  access 


Call  1-800-275-3500,  ext.  615 
for  a  FREE  30-day  evaluation! 
or  Email:  sales@equinox.com 


For  more  infomation  on  Equinox  products  visit  our  website  at  -  www.equinox.ci 


Equinox  Dial  Access 


an  Avocent  Company 
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Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 


Internal 

UPS 


Microphone 

for  Sound 
Monitoring 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Tel:  877-373-2700 
wwyvJms-4000.com 


Phonetics,  Inc. 
901  Tryens  Road 
Aston,  PA  19014 


8  RJ-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/Fire) 


Eight  environment  inputs 
Power  sensing 
Monitors  64  IP  addresses 
Send  alerts  to  64  people 
8  methods  of  contact 
Calendar  scheduling 
Expands  to  256  sensors 
Remote  power  control 
Optional  camera 


Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


Instantly  Search  Gigabytes  of  Text 


dtSearch 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of  j. 
the  level  of  intelligence  it  displays"  —  PC  At  *  1 

"Very  powerful  ...  a  staggering  number  of  ways 
to  search"  —  Windows  Magazine 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 
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Fast,  precision  searching 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦  converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1 -800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Desktop 


Find  anything, 
anywhere, 
instantly  •  $199 


Spider 


Spider  and  search 
Web  sites  ♦  included 
with  all  products 


Network 

Search  the  many 
forms  of  data  that 
exist  across  a  large 
enterprise  network 

♦  from  $ 800 


Publish  a  searchable 
database  to  CD.  DVD 

♦  from  $2,500 


|  mped)*  M 

Text  Retrieval 
Engine 

Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

•  from  $999 


Web 


Add  instant 
searching  to  your 
site  ♦  $999  per  server 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 


— 


The  Hub  of  the  Network  Buy 


Pay  Less  Get  Mare 


Phone:  800-439-8558  or  718-894-7500 


■  Cisco  Systems  ■  Extreme  Networks 

■  Juniper  Networks  ■  Foundry  Networks 

www.  digitalwarehouse.  com 

digital  warehouse 

Your  Information  Superhighway  Discount  Source @ 


•  Nortel  Networks 

■  Lucent  Technology 

■  Alcatel 

■  Riverstone  Networks 


56-29  56th  Drive,  Maspeth,  NY  1 1378  USA  Fax:  71 8-894- 1573 


$$$$$$$$$$$$$$$$$$$$$$$$$ 

WAItrSI?  "Iti  iiUY 

Networking  Products 
and  Services 

Over  170,000  qualified  subscribers 
of  Network  World  are  ready  to  buy. 

Call  today  to  place  your  ad  in  the  Marketplace! 
1-800-622-1108  ext.  6465 

$$$$$$$$$$$$$$$$$$$$$$ 


•  Nortel  Service  Contracts  •  Free  Technical  Support 

•  Nortel  Service  Renewals  •  Next-Day  Hardware 

Replacement 

•  Good  As  New  Gear, 

Same  as  New  Warranty 
-  at  Better  Than  New  Prices 

Refurbished  Specials: 

ASN/2-32mb  Refurbished  Advanced  Stack  Node  Bundle 

Indudes  AF0002E13-32mb  Redundant  Base  Unit 
lx  34000  Dual  Ethernet  lx  AF21 11005  Quad  Sync 
lx  AA001 1004  Fast  Packet  Cache,  lx  AF2104013  128  bit  Compression  Module 

Special  $2,995 

BayStack  350T-HD  (AL2012E10)  24  Port  10/100  switch 

Refurbished  Grades  may  vary.  "A"  Grade  sale  price  $350.00 

One  Year  Warranty 

As  Low  As  $150 

BayStack  450-24T  (AL2012E14)  24  Port  10/100  Stackable 

Special  $895 

Backbone  Router  Special-AC  1004005 

Returb  kit  indudes  Dual  100BT  with  the  Fast  FRE2-060-64mb 

Special  $3,249 

Dont  want  used?  Try  our  low  prices  on  new!  Call  Today! 

Call  for  Free  Quote! 

888-8LANWAN 

(888-852-6926)“  ««  - 

National  LAN  Exchange  •  WWW.nle.com 
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Tel:  408.727.1122  ReC^R^t 
Fax:  408.727.8002  technologies,  inc. 

343  1  DE  LA  CRUZ  BLVD.  SANTA  CLARA,  CA  95054 
WWW.RECURRENT.COM  INFO@RECURRENT.COM 


Network  Products 
and  Services  with 
Network  World's  Marketplace. 
Call  800-622-1108  ext.  6507 
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Boson  Training 

(813)  925-0700 
ww.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


i  . . .  .i 


PMG  NetAnalyst 

(800)  645-8486 
J  www.NetworkTraining.com 
I  Network  Forensic  Analysis  and 
I  Security  Training  and  Services 

Learnkey Inc. 

(800)  865-0165 
www.learnkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


To  Place  Your 
Listing  Here 
Call  Enku  Gubaie 
at  1-800-622-1108 


Contact  these  companies 
today  to  help  you  with  your 
training  needs! 


For  more  information  on 
advertising  in  Network  World’s 
Marketplace  contact: 

Enku  Gubaie,  egubaie@nww.com 
800-622-1108  ext.  6465, 


SysteiM/F^m^emory 

cisTco 

EQUIPMENT 

Also  Available:  Wellfleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  # 1  Network  Remarketer 

612*835*5502 

Fax  612*855-1927  E-Mail:sales®comstarinc.com 


We 

Buy 


& 


Since  1985 


Sell 


CISCO 


New  &  Used 
Fully  Guaranteed 
Overnight  Delivery 


■  Bl 


Se  habla  Espanol 
Wtr  sprechen  Deutsch 


800.451.3407 


90  Castilian  Drive,  Suite  110,  Santa  Barbara,  CA  93117 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.nEtworkhardwarE.com 

BUY  ONLINE 
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ETWORK  HARDWARE  RESALE 


WRCA.NET 

NEW  USED 

WorttfoM.  PrevMW  ol  t*«mon  Ha>dw.i.  Wnc.1981 

AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 
800-699-9722 
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Get  More  for  Today's  Budget! 

Contact  BIZI 

to  SAVE  up  to  80%  easaff! 
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•  50-80%  Savings  off  Retail  List  Prices 

•  120-Day  Warranty 

•  100%  30  Day-Money  Back  Guarantee 

•  Large  Inventory,  Same  day  Shipping 

•  Supplying  Quality  Networking  Products 
for  Over  10  Years  with  In-House  Technical  Support 

Request  a  Quote  on-line  at: 

http://www.bizint.com  or  info@bizint.con 

(877)  438-2494 

or  (315)  458-9606  fax:  (315)  458-9493 
We  Buy,  Sell,  Trade  and  Lease... 


fm 


Your  {fatal  px/toura  si  sow  &  w ttfi 
pre-owuMl  MUnrifef  taripouh 


CISCO,  BAY/NORTEL,  3COM,  CABLETRON,  EXTREME,  FOUNDRY,  J 
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careers.com 


IT  CAREERS 


tip  tech-  gane  fas  change: 
>  cv»  ycu-  win.  hasn’t 


The  tech  game  can  change  all  it 
wants  to.  but  savvy  technology 
professionals  still  know  how  to  win 
with  Dice.  Show  change  who’s  the 
boss.  Visit  Dice.com  today. 


©2002  Dice  tnc 
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bis/ers fry  Jot  Fair 

Sponsored  By;  IbG  Recrol+taent  Solutions 

April  15, 2002 
Holiday  Inn  City  Centre 
300  E.  Ohio  St. 
Chicago,  IL 
2  PM  -  7PM 

Yoor  Future  Starts  Here! 

www.PICKDiversity.com 

Who's  Hiring?  FinaPSPGar'oup  WellMaik 
DaimlerChrysler  EXCEL/Cargill 


NOVELL 


Peoples  oft 
Consulting 

Allstate 

Raytheon  Andrew  Corporation  STARBUCKS  DesMoines 

Panasonic  Washington  Mutual  COFFEE  Partnership 

Allied  Insurance  CVS/PHARMACY  AND  MORE!! 
- - - - 


Every  day  hiring  managers  turn 
to  ITcareers.com  for  the  best  IT 
candidates.They  know  us  and 
they  know  we  can  deliver. 


If  you  want  a  better  challenge, 
we  challenge  you  to  find  a  better 
IT  career  site  thanlTcareers.com. 


IT 


Reading 
someone 
else's 
copy  of 
Network 
World? 


Apply  for  your  own 


subscription  go  to 

www.nwwsubscribe.com/pa 

and  subscribe  today! 


Week  after  week  NW  gives 
you  late  breaking  news  and 
in-depth  insights  on 
infrastructure,  carriers  and 
ISPs,  enterprise  applications, 
technology  updates  and 
management  strategies. 

Plus...  , 

•  Enterprise  level  product  testing 

•  Product  Buyers  Guides 

•  Management  surveys 

•  Signature  Series  Special  Issues 


Apply  for  your  FREE 
subscription  today 

www.nwwsubscribe.com/pa 


NetworkWorld 

DB  LEADER 

IN  NETWORK 

KNOWLEDGE 

hint  •  Online  ■  Events 

Computerworld  •  InfoWorld  •  Network  World  •  April  8,  2002 


© 


careers.com 


IT  CAREERS 


MILLIONS  OF 
READERS 

MILLIONS  OF 
SURFERS 


ONLY 
THOUSANDS 
OF  DOLLARS 

TOTAL  IMPACT 
TOTAL 
SAVINGS 

Put  your  message  in 
IT  careers  and 
ITcareers.com  and 
reach  the  world’s 
best  IT  talent. 


ITcareers 

where  the  best  get  better 
1-800  762  2977 

ITcareers.com 


Manager,  IT  Product  Marketing 
&  Support-Latin  America  wanted 
for  Manufacturer  of  PC  & 
Peripheral  Product  to  manage  & 
oversee  IT  product  marketing 
&  system  support  for  Latin 
American  market.  Bachelor 

Degree  or  Foreign  Degree 
Equiv.in  Electronics  Engineering 
&  4  yrs  of  exp.  as  Mgr.  Engineering 
Dept,  for  International  Computer 
Company.  Send  resume  to: 
Carlos  Jimenez,  ACER  Latin 

America  Inc.  1701  NW  87  Ave. 

Miami,  FI.  331 72. 

Ordusion  Technologies,  Inc, 
Atlanta,  has  immediate  multiple 
openings  for  experience  Pro¬ 
grammer/Analysts,  S/W  Engineers 
and  DBAs  in  the  following:  VB, 
VC++,  JAVA,  HTML,  ASP, 
Informix,  Oracle,  Sybase,  CRM/ 
financials/other  commercial  soft¬ 
ware  packages,  web/wireless/ 
internet  technologies,  Systems/ 
DB  administration  etc.  BS/MS 
degree  (or  foreign  equiv)  required. 
Highly  competitive  salaries,  travel/ 
relocation  required.  Send  resumes 
to  3883  Rogers  Bridge  Road, 
Suite  504,  Duluth,  GA  30097. 

PROGRAMMER  ANALYST/ 
SOFTWARE  ENGINEERS: 

Saitech  Corp,  located  in  Jeffer¬ 
son  City,  MO  is  currently  seeking 
individuals  to  design  and  ana¬ 
lyze  programming  applications 
using  COOL:GEN/IEF;  Develop, 
test  and  maintain  applications 
using  Cobol  and  DB2.  Experience 
in  Child  Support  systems  is 
a  plus.  Requires  MS/BS  or 
equivalent  and/or  relevant  work 
experience.  Part  of  the  relevant 
experience  would  include  one 
year  using  COOL:GEN/IEF  and 
DB2.  Mail  resume,  transcripts, 
references  and  salary  require¬ 
ments  to  Saitech  Corp.,  1200 
Duane  Swift  Pkwy.,  #A5,  Jefferson 
City,  MO  65109. 

Software  Engineers/Software 

Consultants/Programmer  Ana¬ 
lysts/Systems  Administrators  (all 

multiple  positions)  sought  by 

computer  s/w  consultancy  firm  in 

North  Brunswick,  N.J.  Must  have 

Bach  in  Comp  Sci.,  Engg  or 

equiv  and  one  yr  relevant  exp. 

Respond  to:  HR  Dept,  B2B 

Technologies,  Inc.,  201  North 

Center  Drive,  North  Brunswick, 

NJ  08902. 

Quantitative  Business  Analyst 

sought  by  NJ  based  Securities 

Dealer.  Must  possess  Master's 

degree  or  equivalent  in  Computer 

Information  Technology  or  directly 

related  field  and  2  years  exp. 

in  software/systems  development 

and  design.  Respond  to:  Human 

Resources  Department,  Knight 

Trading  Group,  Inc.,  525  Wash¬ 
ington  Blvd.,  Jersey  City,  NJ 

07310. 

Senior  Systems  Engineer  needed 
to  investigate  and  resolve  com¬ 
puter  software  problems  of 
end-users.  Will  be  able  to  trace 
source  of  errors,  such  as  SAP 
software  configuration,  hardware 
configuration  or  web-server 
configuration.  Requirements: 
BE  in  computer  science,  elec¬ 
tronics  or  information  technology 
along  with  significant  experience 
in  the  job  offered  or  demonstrated 
experience  providing  high-level 
technical  support.  Send  re¬ 
sumes  to  Human  Resources  at 
(713)  952-9877. 

Systems  Analyst  wanted  by  NJ 
based  Co  for  job  loc  throughout 
the  US.  Must  have  Bachelor's 
degree  in  Comp.  Sc.  or  Engg.,  3 
yrs.  of  s/ware  exp.  &  proficiency 
with  VB,  ASP.  XML,  SQL  Server. 
Respond  to:  Netcom  Systems, 
Inc.,  200  Metroplex  Dr.,  3rd  fl„ 
Edison,  NJ  08817.  (Ref.  GG 
81 83).  No  phone  calls. 

Wireless  sftwr  engr  with  exp  in 
embedded  Systems  and  RDBMS. 
Req:  MS  in  Comp  Sci  or  rel  fid 
with  2+yrs  exp  in  design/devel¬ 
opment  embedded  wireless 
software  using  eVC++,  eVB,  ATL 
COM,  ADOCE,  and  CDPD; 
extensive  knowledge  of  WinCE 
and  Pocket  PC,  RTOS,  network 

com  protocols,  and  device  inter¬ 
facing  technology.  Please  send 
reusme  to  HR,  Advanced  Digital 

Data,  Inc.,  6  Laurel  Drive, 
Flanders,  NJ  07836. 

Geoscience  Programmers  wanted 

to  develop  &  enhance  geo¬ 
science  software  using  C++  & 

MFC,  specifically  applies  to 

seismic  data  interpretation  & 

modeling.  Multiple  positions. 

Master  Degree  in  Science/Engi¬ 
neering  &  1  yr  programming  or 

related  exp.  Send  resume  to 

Seismic  Micro-Technology,  Inc., 

8584  Katy  Freeway,  Suite  400, 

Houston,  TX  77024. 

Sr.  Systems  Analyst  wanted  by 

NJ  based  Co  for  job  loc  through¬ 
out  the  US.  Must  have  Master's 

degree  in  Comp.  Sc.  or  Engg.,  3 

yrs.  of  s/ware  exp.  (for  Wireless 

Communication)  &  proficiency 

with  Bluetooth,  UPnP,  WAP,  JINI 

&  JDBC  Driver,  C++,  JAVA  & 

Visual  Basic.  Respond  to:  Atinav, 

Inc.,  100  Franklin  Sq.  Dr.,  Ste. 

#304,  Somerset,  NJ  08873.  (Ref. 

GG  8073).  No  phone  calls. 

Computer  Professionals  needed 

w/exp  in  performing  database 

administration  using  Oracle 

Applications  (ERP)  on  Unix 

operating  system,  Developer 
2000,  Designer  2000,  PL/SQL, 

SQL'Loader,  SQL'Plus,  Pro'C, 

Oracle  Discoverer.  Support  & 

conversion  of  Unix  based  Paybill 
Application  to  Oracle  Applications. 

Apply  to:  Select  Appt.  North 

America,  60  Harvard  Mills 

Square,  Wakefield,  MA  01880. 

IL  Wholesaler  of  Jewelry  seeks 
Web  Design  Analyst  to  develop, 
design  and  oversee  the  operation 
of  the  system;  research  and 
analyze  Web  sites;  confer  with 
management  to  plan  content, 
security;  use  research  analysis 
to  build  prototypes;  test  system; 
select  software  codes  and 
maintain  system/troubleshoot. 
Bachelor's  Degree  in  Electronics 
Engineering  or  equiv  based  on  a 
cred.  eval.  Min  exp.  req.  3 
months  in  job  or  job-related. 
Exp.  must  include  use  of  Oracle, 
Java  &  Windows  NT.  Travel  re¬ 
quired.  Resumes  to  GM  Raju 
Jewelers  USA,  Inc.,  330  E.  Roo¬ 
sevelt  Rd.,  Ste.  3G.  Lombard,  IL 
60148.  No  Calls.  EOE. 

Need  Sr  Software  Engineer  to 
manage  teams  to  design/develop 
client  server/internet  appls  using 
HTML,  XML,  JavaScript,  ASP. 
VB,  Oracle,  SQL,  etc  under  Unix 
&  Windows  OS;  lead  teams  in 
testing  large,  complex  S/W  appls 
to  automate  business  processes 
using  various  testing  tools;  interact 
with  end  clients  and  evaluate 
team  members.  Require  MS  in 
CS  or  Engineering  (any  branch) 
with  3  yrs  exp  or  a  BS  or  foreign 
equiv  in  any  of  the  above  with  5 
yrs  of  relevant  progressive  expe¬ 
rience  in  IT.  Highly  competitive 
salary.  60%  traveling  involved. 
Send  resume  to:  InfoSmart Tech¬ 
nologies,  Inc.  385  Leatherman 
Ct.  Alpharetta,  GA  30005 

Oracle  Developer  for  NJ  based 
Organization.  Must  have  a 
Bachelor's  degree  in  Comp.  Sc., 
Engg.,  3  yrs  of  exp  in  job  duties 
or  Comp.  S/W  dev.  and/or 
consulting  and  proficiency  in 
Oracle  and  its  tools.  Respond  to: 
Mr.  Jose  Montanez,  MIS  Dept., 
Operating  Engineers  Local 
825  Apprentice  Training  and 
Retraining  Fund,  65  Springfield 
Ave.,  Springfield,  NJ  07081. 
(Ref:  GG8133IM)  No  phone 

calls. 

Database  Developer  sought  by 

NJ  based  Securities  Dealer. 

Must  possess  Master's  Degree 

or  equivalent  in  Information 

Systems  Technology  or  directly 

related  field  and  2  years  exp.  in 

software/systems  development 

and  design.  Respond  to:  Human 

Resources  Department,  Knight 

Trading  Group,  Inc.,  525  Wash¬ 
ington  Blvd.,  Jersey  City,  NJ 

07310. 

A  new  miilenium,  a  new  solution.  ITcareers. 
Call  Janis  Crowley  at  1-800-762-2977  #IDG 

Recruitment  Solutions 


Engineers 

Chief  Architect  to  oversee  product 
development,  optimization  and 
marketing  of  XML  &  Java-based 
enterprise  software.  Requires 
2  years  of  mgmt-level  exp.  in 
full-cycle  development  using 
XPath,  JCA,  &  JTA  Transaction 
Managers  technologies  for  dis¬ 
tributed  enterprise  software. 
Vice  President,  Engineering  to 
manage  the  development  of 
enterprise  software  for  business 
process  mgmt,  workflow  mgmt, 
web  interface  and  application 
servers.  Requires  4  years  of 
mgmt-level  exp.  in  full-cycle 
development  using  J2EE  Trans¬ 
action  Managers  technologies, 
developing  distributed  workflow 
mgmt  systems  in  Java,  &  devel¬ 
oping  XML  frameworks  for 
web-based  user  interfaces. 

IT  Manager  in  charge  of  network 
strategy  and  security.  Requires  2 
years  of  exp.  in  network  security 
mgmt.  using  IP  filtering  (high-level 
firewalling),  TCP/IP  encryption 
and  security,  and  BSD  sockets. 
All  positions  require  Bachelor's 
degree  (or  equivalent  work  ex¬ 
perience)  in  Engineering,  Com¬ 
puter  Science,  Mathematics,  or 
a  related  field. 

Send  resume  to:  Human 
Resources,  Intalio,  Inc.,  1900  S. 
Norfolk  St.,  Suite  290,  San 
Mateo,  CA  94403. 


Sr.  Software  Engineer.  Respon¬ 
sible  for  designing,  implementing 
&  developing  components  for 
company's  manufacturing  prod¬ 
ucts.  Analyze  high-level  product 
specifications  &  detail  design 
documentation  &  procedures 
for  application  development  & 
architecture  specifications  in 
client-server  environment  using 
Visual  C++,  C++,  UNIX/NT, 
Java/VB  Script,  Oracle/SQL 
database,  MFC  configuration, 
management,  COM/DCOM/ 
COM++,  COBRA  ORB  technolo¬ 
gy.  Must  have  Bachelor's  degree 
in  Computer  Science,  Electrical/ 
Electronic  Engineering  or  related 
field.  Foreign  degree  equivalent 
accepted.  Must  have  5  yrs.  exp. 
in  job  offered  or  position  w/same 
duties.  Salary:  $92,975.  Send 
resume  to  Jim  Pearce,  THRU-PUT 
CORPORATION,  2099  Gateway 
Place,  Suite  240,  San  Jose,  CA 
95110. 


Programmer  Analyst 
Design/implement  healthcare 
apps  with  VB  5.0/6.0/NET,  Access 
97/2000,  Com,  Dcom,  SQL 
Server  2000,  Crystal  Reports 
and  health  care  processes  in¬ 
cluding  patient  admission,  state/ 
federal  mds,  case  mix,  care 
planning,  physician  order,  infec¬ 
tion  control,  security  systems, 
payor  source/payor  plans,  mobile 
medical  device  apps,  healthcare 
billing/accounting  and  medical 
data  sharing  systems  with  3rd 
parties,  and  communication 
apps  for  health  care  workers. 
Prevailing  wage.  BS  Comp.  Sc. 
(or  foreign  equiv.)  with  2  yrs  exp. 
including  1  yr.  exp.  in  developing 
above  specified  applications 
using  above  tools.  Respond  to 
Geoff  Marsh,  Horizon  Healthcare 
Technologies,  12101  Woodcrest 
Executive  Drive,  Suite  201,  St. 
Louis,  MO-63141.  EOE. 


♦ 


Programmer  Analyst 
"Web  enable"  mainframe  apps. 
to  facilitate  EDI  using  Web¬ 
sphere,  Cold  Fusion,  ASP, 
Apache  &  related  Web  Servers, 
Cobol,  DB2,  CICS,  VB,  C,  Java  & 
related  tools,  Oracle,  SQL  Serv¬ 
er,  CSS,  XML  and  XSL  and 
Peregrine.  Employer  is  a  consult¬ 
ing  company  and  position  re¬ 
quires  travel.  Prevailing 
wage/benefit.  Respond  to:  Atten¬ 
tion:  Guy  New,  Jolig  Consulting, 
Inc.,  1311  Buckingham  Place, 
Richardson,  TX  75081.  EOE. 


Senior  Software  Engineer  sought 
by  home  satellite  design  &  man¬ 
ufacturing  company  in  Littleton, 
CO  to  work  in  Littleton  &  other 
unanticipated  job  sites  in  the  US. 
At  a  senior  level,  engage  in  full 
life-cycle  software  development 
of  applications  which  manage 
internal  processes.  The  software 
applications  are  developed  in  a 
client/server  platform  &  incorpo¬ 
rate  relational  database  man¬ 
agement  systems,  especially 
Oracle;  they  run  on  UNIX  &  Win¬ 
dows  NT  operating  systems. 
Analyze  requirements  &  create 
designs.  Code,  test,  debug  & 
enhance  the  software  applica¬ 
tions.  Complete  implementation 
of  the  applications  &  provide 
subsequent  user  support  &  trou¬ 
bleshooting.  Prepare  related 
documentation.  Use  program¬ 
ming  languages  C,  Pro-  C  & 
PL/SQL;&  a  variety  of  tools 
including  Developer  2000, Oracle 
HR  applications, &  SQL  Loader 
in  the  design  &  development 
process.  Requires  Master's  or 
equivalent-specifically,  a  master's 
degree  or  foreign  equivalent  in 
computer  science  or  related  field 
plus  three  years  of  progressive 
experience  in  developing  soft¬ 
ware  applications  in  a  client/ 
server  environment;  or  a  bache¬ 
lor's  degree  or  foreign  equivalent 
in  computer  science  or  related 
field  plus  five  years  of  progres¬ 
sive  experience  in  developing 
software  applications  in  a  client/ 
server  environment;  Working 
knowledge  of  Oracle  Relational 
Database  Management  Systems, 
Developer  2000  &  PL/SQL.  8am- 
5pm,  M-F;  $73, 235/year;  Re¬ 
spond  by  resume  to  James 
Shimada,  Colorado  Department 
of  Labor  &  Employment,  Em¬ 
ployment  &  Training  Division, 
Tower  II,  #400,1515  Arapahoe, 
Denver,  CO  80202, &  refer  to  Job 
Order  Number  C05014400. 


Software  Development  Engineer 
sought  by  company  in  Louisville, 
CO  to  work  in  Brooklyn  Park,  MN 
&  other  unanticipated  job  sites 
in  the  US.  For  a  company  that 
manufactures  and  distributes 
computer  storage  devices,  par¬ 
ticipate  in  full  life-cycle  software 
development,  focusing  on  the 
design  and  development  of  soft¬ 
ware  applications  for  a  systems 
health  monitoring  software  pack¬ 
age.  Using  Shlaer-Mellor  graph¬ 
ical  OOA/OOD  methodology, 
UNIX  and  C++,  design  and 
develop  software  that  monitors 
the  overall  health  of  a  multi¬ 
processor  computer  system. 
Analyze  and  define  the  require¬ 
ments  for  a  particular  software 
application  or  product,  then 
create  designs  and  design  doc¬ 
umentation  for  the  software  and 
later  code,  test  and  debug  the 
particular  software  application. 
Develop  methodologies  for  the 
storage  and  management  of 
data  using  DCS  (data  collection 
service  domain).  Requires  Bach¬ 
elor's  in  comp.  sci.  or  comp,  eng.; 
2  yrs.  as  a  software  engineer  in 
the  data  storage  industry;  Work¬ 
ing  knowledge  of  DCS,  C++  and 
UNIX  (working  knowledge  may 
be  gained  through  employment 
experience  or  in  an  academic 
program).  8am-5pm,  M-F; 
$71 ,455/yr.  Respond  by  resume 
to  James  Shimada,  Colorado 
Department  of  Labor  &  Employ¬ 
ment,  Employment  &  Training 
Division,  Tower  II,  #400,  1515 
Arapahoe,  Denver,  CO  80202,  & 
refer  to  Job  Order  Number 
C05015209. 


Venturi  seeks  IS  Admin,  for 
Kirkland  office.  DESC:  Dsgn, 
impl,  &  admin.  RDBMS  &  rel.  c/s 
&  middleware  apps.  util.  SQL,  C, 
Java,  SGML/XML,  Peri,  PHP,  & 
Unix  Shell.  Prov.  TCP/IP  netwk 
admin.  &  sup.  Dsgn  &  impl.  LAN 
&  WAN.  Prov.  UNIX  sys.  admin, 
sup,  &  rel.  s/w  dev.  Prov.  Internet 
&  sys.  security  util  firewall, 
encryption,  &  authentication 
techs.  REQ:  BS  in  Ertgr,  CS, 
Math,  or  Phys  +  2  yrs  exp.  >n 
duties  listed  above.  Prem.  sal  + : 
benes.  Pis.  reply  to  J.  Ki.ng,  Job  ( 
#CCL-88,  1 1255  Kirkland  Way,  i 
Kirkland,  WA  98033 
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INFORMATION 
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....  OPPORTUNITIES 

The  Gillette  Company  is  the 
work!  leader  in  more  than 
a  dozen  consumer  product 
categories.  Global  World  Class 
operations  are  increasingly 
dependent  on  Information  Tech¬ 
nology  Exciting  opportunities 
exist  in  global  business  process 
integration  initiatives.  We  are 
currently  seeking  the  following 
highly  qualified  professionals  to 
join  the  Gillette  IT  team  in  the 
Boston  area. 

The  following  positions 
commonly  require  a  Bachelor's 
degree  (or  equivalent)  in 
Computer  Science,  MIS, 
Business  Admin.,  or  similarly 
relevant  field,  and  3-5  years 
relevant  experience. 

/  Staff  Programmer  Analysts 

!  (SAP)  Staff  Basis  Adminis- 
trators/Con-figuration- 
Integration  Specialists/ 
Application  Developers 

I  Data  Warehouse  Architects/ 
Developers/Database 
Administrators 

I  Telecommunications 
Analysts 

Starting  salaries  range  from 
$56,100  to  $119,000  per  year, 
together  with  paid  vacation, 
medical,  dental,  life  and  disability 
insurances,  and  other  industry- 
competitive  benefits. 

Please  email  resume  to: 
www.Gillette.com. 

The  Gillette  Company  is  an 
equal  employment  opportunity 
employer 


IT  Developer  in  Charlotte,  NC, 
First  Union/Wachovia  Corp. 
Provide  cust.  info.  tech,  solutions, 
advise  customers  on  alternatives 
to  target  business  needs  &  write 
project  reqs.,  test  scripts.  Pos. 
will  work  weekends  &  holidays, 
also  carries  pager  24/7  for  prod, 
problems.  Reqs.  BS  in  Comp. 
Science  or  Eng  or  its  equiv.  (any 
suitable  combination  of  educ., 
training  or  exp.  is  acceptable)  & 
2  yrs  exp.  in  the  pos.  offd.  or  as 
Business  Conslt.,  System  Dvlp. 
or  Software  Eng.  In  lieu  of  a  BA 
and  2  yrs.  exp.,  the  employer  will 
accept  4  yrs  exp.  as  a  Systems 
Dvlp.  2  yrs  of  reqd.  exp.  must  ind. 
asset  mgmt.  statement  system 
proc.  working  w/  COBOL  MVS  in 
a  mainframe  envir.  &  must  incl. 
work  w/  Easytrieve  Plus,  JCL  & 
VSAM.  1  yr  of  reqd.  exp.  must 
incl.  exp.  analyzing  brokerage 
transactions  ind.  trades,  dividends 
&  other  taxable  transactions. 
40hrs/wk,  $41 K-  $69K,  Send  re¬ 
sume  &  cvr.  Itr.  to  Geri  Henderson, 
401  South  Tyron  Street,  NC 
0745,  Charlotte.  NC  28288-0475. 


F/T  Technical  Architect.  Provide 
technical  &  architectural  solutions 
for  the  design,  development 
&  enhancements  of  company 
products  &  object  oriented 
analysis  &  design  of  client  appli¬ 
cations  using  UML.  Make  rec¬ 
ommendations  re:  software/ 
hardware,  system  environments 
&  develop  capacity  plans.  Assist 
w /  performance  monitoring,  trou¬ 
bleshoot  technical  problems, 
installation  &  testing  working  w/ 
SQL,  SQL  Server  &  Oracle  data¬ 
bases.  Evaluate  clients'  business 
requirements  &  create  technical 
design  spedfications  for  software 
enhancements,  conversion  strate¬ 
gies  &  provide  conversion  sup¬ 
port.  Work  w/Java.  Java  Beans, 
Swing,  VisualAge,  ClearCase, 
ClearQuest  &  CORBA  Must  have 
Bachelor's  degree  in  CS  or 
related  field  Foreign  degree 
equivalent  accepted.  Must  have 
2  yrs  exp  in  job  offered  or 
position  w /  similar  duties.  Send 
resume  to  Betsy  Moya.  Schlum- 
bergerSema,  701  Waterford 
Way,  Ste  300.  Miami,  FL  33126. 


BAAN  CONSULTANT 

Analyze  &  evaluate  existing  or 
proposed  software  systems. 
Dvlp.,  implement  &  improve 
programs,  systems  &  related 
procedures  to  process  data 
using  in-depth  knowledge  of  the 
systems  dvlpmt  life  cycle  Encode, 
test,  debug  &  install  operating 
programs  &  system  software 
utilizing  knowledge  of  Baan  ERP 
tools  and  prog.  lang.  Performs 
functional  definition  and  tech, 
realization/customization  of  Baan 
software.  B.S.  (or  equivalent)  in 
Comp.  Sci.,  Math.  Engrg.,  Busi¬ 
ness  or  Commerce  plus  2  yrs. 
exp.  in  either  job  offered  or  as 
Programmer  Analyst,  Software 
Engr.  or  Sys.  Analyst  rqd.  Expe¬ 
rience  must  include  use  of  Baan 
ERP  tools  (spec.  Baan  Manu¬ 
facturing,  Baan  Distribution  and 
Baan  Finance).  High  mobility 
preferred.  40  hrs/wk,  8  am  -  5 
pm.  $70,000/yr.  Qualified  appli¬ 
cants  report/submit  resume  to: 
Manager,  Washington  County 
Team  PA  CareerLink,  Millcraft 
Center,  Suite  150LL,  90  West 
Chestnut  St„  Washington,  PA 
15301-4517.  Refer  to  Job  Order 
No.  WEB235003. 


Programmers  &  Software  Engi¬ 
neers 

Design,  develop,  test  and  imple¬ 
ment  specialized  software  apps 
using  (a)  IIS5.0,  Clarify,  XML, 
VB.  ASP,  C,  C++,  CDO.  MTS. 
SQL  Server,  Oracle  &  related 
tools  in  Sun  Solaris/NT/UNIX; 
(b)  Citrix  ASP,  IIS,  SQL  Server, 
DB2,  Oracle/related  tools,  VB, 
ASP,  Pro'C,  Web  methods,  Citrix 
XPS,  XML  in  Sun  Solaris  NT/ 
2000:  (c)  Clarify,  Clarify  modules 
&  tools-CB  Exchange,  DDE, 
UIE,  Clear  Basic,  VB,  Unix  Shell 
Scripts  in  Oracle/related  tools, 
SQL  Server,  reporting  tools  in 
Sun  Solaris/NT/2000;  (d)  Web 
Logic,  XML,  EJB,  JDBC,  Java, 
Servlets,  Cold  Fusion,  C,  C++, 
Pro'C,  Oracle,  Sybase,  SQL 
Server  and  related  tools,  Utilities 
in  RS  6000,  Solaris,  NT/2000. 
Consulting  positions  requiring 
extended  travel.  Prevailing  wage/ 
benefits.  Send  resume  to  Dale 
Blake,  GPTS,  3250  Peachtree 
Industrial  Blvd.,  Suite  203,  Duluth, 
GA  30096.  EOE. 


Onsite  Companies,  Inc.  has  mul¬ 
tiple  openings  for  Engineering 
Programmer  -  convert  engineering 
problem  formulations  to  format 
processable  by  computer;  resolve 
symbolic  formulations,  prepare 
flow  charts  and  block  diagrams 
and  encode  resultant  equations 
for  processing  by  applying 
principles  of  engineering;  confer 
with  other  engineering  and 
technical  personnel  to  resolve 
problems  of  intent,  inaccuracy,  or 
feasibility  of  computer  processing; 
and  enter  program  into  computer 
system;  and  use  any  one  (1)  or 
more  of  the  following"  l-DEAS 
and/or  Algor  FEA.  Req's.  Bach’s 
in  CS,  Systems  Analysts,  CIS, 
MIS,  Business  Admin,  Comp. 
Applications,  Comp.  Engg.. 
Electrical  Engg.,  Electronic 
Engg.,  Mech  Engg.,  Civil  Engg., 
Industrial  Engg.,  Industrial 
Management  &  Technology, 
Physics,  Statistics  or  Math  or  its 
foreign  edu.  equiv.  Attn:  G8102 
TEKsystems,  Inc.  has  multiple 
openings  for  Programmer  Analyst 
-  Analyze,  design,  develop,  test 
and  implement  computer  appli¬ 
cations  using  one  (1)  or  more  of 
the  following:  Visual  Basic,  Crystal 
Reports,  Oracle,  Windows  NT, 
IIS,  ColdFusion,  JavaScript, 
HTML,  DHTML  and/or  MS  Access 
Req's.  Bach  s  in  CS,  Systems 
Analysis,  CIS,  MIS,  Information 
Systems,  Comp  Applications, 
Comp.  Engg..  Electrical  Engg., 
Electronic  Engg.,  Mech  Engg., 
Physics,  Statistics  or  Math  or  its 
foreign  edu.  equiv  Attn:  G62802 
Frequent  relocation  may  be 
necessary.  Send  resume  to  J. 
Bngham.  6992  Columbia  Gateway 
Dr.,  Columbia.  MD  21046. 


Database  Analyst/Dvlp.  in 
Charlotte,  NC,  Wachovia  Corp. 
Resp.  for  dvlp.  &  support  of  the 
NightlyBox  batch  appl.  &  LOGOS 
report  appl.  for  the  Trade  Oper. 
Group.  Reqs.  BA  in  Comp. 
Science  or  rel.  disc.  &  2  yrs.  exp. 
in  pos.  offd.  or  as  Software  Cons, 
or  System  Analyst.  The  2  yrs  of 
reqd.  exp.  must  incl.  new  appl. 
dvlp.  in  batch  &  online  envir., 
conversion  of  specs,  into  program 
code,  testing  &  prod,  implemen¬ 
tation.  1  yr  of  reqd.  exp.  must  incl. 
work  using  rel.  databases  in  Unix 
env„  SQL  prog.,  bulk  data  load 
utilities,  Unix  scripting  lang.  & 
AutoSys  job  sched.  tool.  40hrs/ 
wk,  $67K-$90K,  Send  resume  & 
cvr.  Itr.  to  Sabrina  Miller,  301 
South  Tyron  Street,  NC  0953, 
Charlotte,  NC  28288-0953. 


SR.  BASIS  ENGINEER  (SAP) 

to  analyze,  design,  develop  and 
implement  customized  software 
specifically  for  SAP  R/3;  Plan 
and  execute  installations,  up¬ 
grades  and  system  patches  in  a 
SAP  R/3  environment;  Perform 
system  monitoring,  database 
admin.,  administration  of  change 
mgt,  client  mgt.  and  system  se¬ 
curity;  Provide  support  for  inter¬ 
faces  and  ABAP  programming 
environments;  Perform  duties 
using  SAP  Basis  and  Oracle 
on  Windows  NT  and  UNIX  plat¬ 
forms.  Req:  Bach.  deg.  (or  foreign 
equiv.)  in  Comp.  Sci./Engg,  or  a 
closely  related  field,  with  4  yrs. 
exp.  in  the  job  offered  or  as  a 
SAP  BASIS  Conslt.  or  BASIS 
Engg/Architect.  Prior  exp.  must 
include  3  yrs.  using  SAP 
BASIS.  Competitive  salary  and 
benefits.  Send  resume  to:  Pieter 
Badenhorst, Texperts,  Inc.,  7740 
Roswell  Rd..  Suite  600E, 
Atlanta,  GA  30350 


Manufacturing  Software  Engineer: 
Owing  Mills,  MD.  Assist  Smart- 
card  eng.  mgr,  to  design/develop 
software  to  interface  custom 
machines  and  to  manage,  move 
and  manipulate  datafiles.  Interface 
with  international  team.  Direct 
factory  support  is  required.  Req.: 
B.S.  in  CS  or  EE  and  working 
knowledge,  through  academic 
coursework  or  experience,  of 
HMI,  VB6,  SQL,  NT  Server  and 
Oracle  7/8.  Salary:  $53-55K/yr. 
DOE.  Resume  to:  Gaye  Sauer, 
SchlumbergerSema,  9800  Reis- 
terstown  Rd.,  Owing  Mills,  MD 
21117. 


Software  Engineer  wanted  by 
Information  Technology  Co  in 
Piscataway,  NJ.  Must  have 
Master's  Degree  or  Equivalent  in 
Comp  Sci,  Math  or  Electrical 
Engg  &  2  yr  exp.  Respond  to: 
Samsung  SDS  America,  Inc., 
15  Corporate  Place  South, 
Piscataway,  NJ  08854.  Fax: 
732-465-4406. 


Synergy  America,  Inc.  has 
multiple  openings  available  for 
Prog/Sys  Anal,  S/W  Engineers, 
DBAs  and  Sys  Admin  to  design/ 
develop  applications  in  some  of 
the  following  areas:  VB,  VC++, 
Cobol,  SQL,  Java,  HTML,  Oracle, 
Informix,  Sybase,  Internet  and 
wireless  technologies,  Windows, 
UNIX.  All  positions  req  BS/MS  or 
foreign  equiv  in  Comp  Sci,  Sci¬ 
ence,  Engg  or  Business.  Combi¬ 
nation  of  edu  and  exp  will  be 
accepted.  Highly  competitive 
salaries  &  benefits.  Travel/ 
relocation  req.  Resumes  to:  HR, 
1565  Woodington  Circle,  Suite 
101 ,  Lawrenceville,  GA  30044. 


Software  Engineer  to  analyze, 
design,  develop,  test  and  imple¬ 
ment  Intranet  Billing  System  and 
mission  critical  development 
projects  using  C,  Oracle,  Visual 
Basic,  SQL  Server  etc;  maintain 
and  support  client/server,  internet/ 
intranet  apps  using  Java, 
HTML,  JavaScript,  JSP  and  Java 
Servlets:  perform  requirements 
analysis,  problem  analysis,  solu¬ 
tion  design,  implementation  and 
documentation  on  developed 
applications;  perform  debugging 
and  modifications  on  existing 
software.  Require:  M.S.  or  for¬ 
eign  equiv  in  CS/Engineering 
(any  branch)  or  related  field 
with  1-year  exp.  in  the  job 
offered.  Competitive  salary. Travel 
required.  Resumes  to,  Intercall 
Inc,  Attn:  Bala  -  Director,  1718 
Peachtree  Street,  NW,  STE  554, 
Atlanta,  GA  30309 


Network  Administrator  (Atlanta, 
GA):  Install,  configure  &  support 
Cisco  routers.  Support  &  monitor 
organization's  Local  Area  Network 
(LAN),  Wide  area  network  (WAN) 
&  Voice  over  IP  network  using 
Netcool  SNMP  NMS.  Maintain 
Network  hardware  &  software. 
Maintain  &  ensure  network 
availability  to  all  system  users; 
Monitor  &  test  DS1  &  DS3 
circuits  w/  local  LECs  for  data  & 
voice  communication;  Monitor 
overall  SS7  network  using  INET 
iRemote  software.  Req.  Bachelor's 
in  C.S.,  C.  Engg  or  other  closely 
related  field  +  2yr.  exp.  in  job 
offered.  Resume  to:  HR  Dept;  job 
code  DBCW0405  Cbeyond 
Communications,  320  Interstate 
North  Pkwy,  S.E.,  Ste  300, 
Atlanta,  GA  30339 


Software  Engineer  needed 
w/exp  to  design  &  customize 
GEMMS  &  Oracle  Fin.  applic., 
perform  DBA  operations  &  client 
server  database  applications 
using  Oracle'FORMS,  PL/SQL, 
C/C++,  PRO'C,  Perl,  CGI 
scripts,  GEMMS  APIs,  Oracle 
RDBMS,  Unix,  Linux  &  Windows 
environment.  Send  resumes  to: 
NFE  Technologies,  Inc.,  250 
Dominion  Dr.,  Morrisville,  NC 
27560. 


Senior  Consultant:  Design,  dev., 
test  &  implement  apps  using  C, 
C++,  Java,  VB,  Oracle,  Unix, 
JSP,  Java  Script,  AutoCAD  & 
ANSYS.  Dev.  optimization 
tools/scripts  &  Intra-net  web 
pages  to  support  devmt.  Req'd 
MS  in  Comp.  Sci.  or  Engineering 
+  3  yrs.  exp.  in  similar  duties. 
Apply  w/covltr/res  to:  President, 
Gadiraju Technologies,  Inc.,  138 
Ketcham  Road,  Bellemead,  NJ 
08824. 


PROGRAMMER.  SENIOR 
sought  by  NJ  based  Securities 
Dealer.  Must  possess  Master's 
Degree  or  equivalent  in  Engi¬ 
neering/Telecommunications  or 
directly  related  field  and  2  years 
exp.  in  software/systems  devel¬ 
opment  and  design.  Respond  to: 
Human  Resources  Department, 
Knight  Trading  Group,  Inc.,  525 
Washington  Blvd.,  Jersey  City. 
NJ  07310. 


Programmer/Analyst  / 

Software  Engineer 
Software  Art  Corp.,  a  software¬ 
consulting  firm,  requires  soft¬ 
ware  professionals  with  demon¬ 
strated  hands-on  experience  in 
the  following: 

Client  Server:  PowerBuilder/C++/ 
Oracle/Sybase/Windows/Unix 
DBA:  Oracle/Sybase 
Mainframe:  COBOL/CICS/DB2 
Internet  Computing:  JAVA/ 
CORBA/XML,  JAVA  Websphere/ 
Weblogic,  SAS  Programmer 
QA  Testers,  Manugistics 
IT  Project  Leader 

Send  resume  to: 

Software  Art  Corporation 
2304  Brunswick  Ave, 

Lawrenceville  NJ  08648 
609-394-8001 
hnasoftwareart.com 

or 

27  Water  Street, 
Wakefield  MA.  01880 
www.softwareart.com 

nickvQsoftwareart.com 


Programmer  Analyst,  Sr.- 
Responsible  for  programming  in 
data  warehousing,  including 
extracting,  transforming  loading 
&  reporting.  Perform  ERP  systems 
&  SQL  UNIX  scripting  to  automate 
different  processes.  Must  have 
Masters  degree  in  Computer 
Science,  Physics  or  Engineering 
or  Bachelors  degree  in  Computer 
Science,  Physics  or  Engineering 
plus  2  yrs  experience. Please  fax 
resumes  to  MECA  Recruiting: 
201-392-6007. 


Software  Engineers  &  Program¬ 
mers.  "Web  enable"  legacy 
applications  to  facilitate  EDI, 
e-commerce  and  communication 
using  ADABAS,  Cobol,  VB, 
FANTM,  ION,  VPN,  ADA-SQL, 
ASP,  Oracle  and  related  tools. 
Prevailing  wage  &  benefits. 
HR,  Spark  Technologies,  7001 
Peachtree  Industrial  Blvd.,  Suite 
446,  Norcross,  GA  30092.  EOE. 


Sr.  Systems  Analyst  for  NJ 
based  Co.  Must  have  a 
Bachelor's  degree  in  Comp. 
Sc.,  Engg.,  5  yrs  of  exp  in  job 
duties  or  Comp.  S/W  dev.  and/or 
consulting  and  prof,  with  RDBMS 
(e.g.  Oracle,  SQL  Server),  Java, 
VC++,  VB,  JSP,  XML,  Unix, 
TCP/IP.  Respond  to:  HR  Dept., 
Digital  Arts,  Inc.,  1 1 9  Cherry  Hill 
Road,  Parsippany,  NJ  07054. 
(Ref:  GG8150IM).  No  phone 
calls. 


♦ 


Product  Marketing  Mgr  -Latin 
America  wanted  for  manufacturer 
of  PC  &  Peripheral  Product 
to  analyze  &  attend  to  Latin 
American  clients'  systems  re¬ 
quirement,  procedures  &  prob¬ 
lems,  improve  existing  systems 
&  promote/market  products  & 
services.  Bachelor  Degree  or 
Foreign  Degree  Equiv.  in  Systems 
Engineering  &  4  yrs  of  experi¬ 
ence  in  job  offered  Send  resume 
to:  Carlos  Jimenez,  ACER  Latin 
America  Inc.  1701  NW  87  Ave. 
Miami,  FI.  33172. 


OLAP  Database  Administration 
Manager  sought  by  NJ  based 
Securities  Dealer.  Must  possess 
Bachelor's  or  equivalent  in  Elec¬ 
tronics  or  Computer  Engineering 
and  5  years  exp.  in  software/ 
systems  development  and  design. 
Respond  to:  Human  Resources 
Department.  Knight  Trading 
Group.  Inc.,  525  Washington 
Blvd.,  Jersey  City,  NJ  07310. 


PeopleSoftTech  Support  Analyst 
wanted  by  Multinational  Ad 
Agency  in  Manh.  Analyze, 
customize,  implement  &  trou¬ 
bleshoot  PeopleSoft  software; 
provide  support  for  software 
applications.  BS  in  Comp  & 
Engineering  &  2  yrs  exp  in  job 
offered  req.  Respond  to:  RP/HR 
Dept,  PO  Box  4241.  GCS,  NY, 
NY  10163. 


XML  Systems  Analysts  needed 
to  dsgn,  dvlp,  test,  maintain  XSD 
code  from  reqmts  documents  as 
UML  diagrams.  Up  to  10%  travel 
reqd  for  conferences/meetings. 
Apply  to  HR  Director,  UCC,  1009 
Lenox  Dr,  Lawrenceville,  NJ 
08648. 


IT  Consulting  Co.  specializing 
in  software  engineering  and 
systems  integration  is  looking  for 
programmers/analysts  for  its 
Chicago,  IL  operations.  Ideal 
candidates  shall  have  degrees  in 
Computer  Science,  Electrical 
Engineering  or  related  field. 
Please  mail  resume  to:  H.R. 
Dept.,  Trigent  Software,  Inc.  at 
1 1  Main  St.,  Southborough,  MA 
01772.  No  calls  please.  EOE. 


Systems  Analyst  sought  by 
Manufacturer  of  Institutional 
Linen  in  Baltimore,  MD.  Must 
have  Bach  in  Comp  Sci.,  Engg  or 
equiv  and  one  yr  relevant  exp. 
Respond  to:  HR  Dept,  Intralin 
Corp.,  2200  Winchester  Street. 
Baltimore,  MD  21216. 


Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 
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Network  World  Seminars  and  Events 
are  one  and  two-day,  intensive  seminars 
in  cities  nationwide  covering  the  latest 
networking  technologies.  All  of  our  sem¬ 
inars  are  also  available  for  customized 
on-site  training.  For  complete  and  imme¬ 
diate  information  on  our  current  seminar  offerings,  call  a 
seminar  representative  at  800-643-4668.  or  go  to  www.nwfu- 
sion.com/seminars. 
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Publicize  your  press  coverage  in  Network 
World  by  ordering  reprints  of  your  editorial 
mentions.  Reprints  make  great  marketing 
materials  and  are  available  in  quantities  of 
500  and  up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399-1900  x124 
or  E-mail:  rtry@rmsreprints.com 
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1  makes  moves  in  privacy,  server  areas 


Company  releases  free  Java  tool  for  enforcing  privacy. 


Midrange  box  set  to  roll. 


■  BY  ELLEN  MESSMER 

AUSTIN,  TEXAS  —  IBM  this 
week  is  making  available  a  free 
Java-based  tool  for  defining  pri¬ 
vacy  policies  for  data  and 
enforcing  them  in  Web-based 
applications. 

The  stand-alone  tool,  called 
IBM  Tivoli  Privacy  Wizard,  is 
designed  to  ensure  that  data 
collected  through  Web  applica¬ 
tions  is  earmarked  via  XML  tags 
to  prevent  violations  of  privacy 
policies.  For  instance,  there  may 
be  rules  against  using  certain 
personal  data  for  marketing  pur¬ 
poses  if  collected  for  e-com¬ 


merce  or  human  resources. 

“It  can  be  used  by  IT  adminis¬ 
trators  to  manage  the  life  cycle 
of  the  privacy  policy”says  Arvivd 
Krishna,  an  IBM  Tivoli  Systems 
vice  president.“It’s  a  way  to  auto¬ 
mate  the  privacy  policy.” 

Privacy  Wizard  can  work  with 
privacy  policies  already  defined 
by  a  corporation  or  the  stan- 
dards-based  privacy  policy 
developed  at  the  World  Wide 
Web  Consortium  called  Platform 
for  Privacy  Preferences. 

The  tool  can  be  downloaded 
from  www.nwfusion.com,  Doc 
Finder:  8848.  IBM  Tivoli  ultimate¬ 
ly  might  put  a  price  tag  on  the 


tool,  though  for  now  it  hopes 
organizations  will  download  it 
and  experiment  with  it. 

In  related  news,  IBM  says  Ernst 
&  Young  has  decided  to  join  the 
IBM  Privacy  Management  Coun¬ 
cil.  This  organization  consists  of 
companies  in  retail,  healthcare, 
technology  and  other  industries 
that  meet  to  discuss  the  status  of 
government  and  corporate  pri¬ 
vacy  regulations  around  the 
world.  Members  include  De- 
loitte  &  Touche,  Fidelity  In¬ 
vestments,  Marriott  Interna¬ 
tional,  Novant  Health,  T.  Rowe 
Price  and  the  U.S.  Department  of 
Commerce.  ■ 


■  BY  OENI  CONNOR 

IBM  is  expected  to  announce 
today  a  new  midrange  server  that 
has  mainframe  capabilities  such 
as  partitioning  and  virtual  server 
management. 

Called  the  p670,the  Unix  server 
is  a  smaller  version  of  IBM’s  pow¬ 
erful  p690  ‘Regatta’  server.  The 
p670  uses  the  Power4  micro¬ 
processor  and  can  be  divided 
into  more  than  12  virtual  servers 
and  16  partitions,  letting  users 
consolidate  smaller  systems, 
share  operating  systems  and  per¬ 
form  multiple,  concurrent  tasks. 

The  p670,  which  has  four  to  16 


processors,  can  run  several  appli¬ 
cations  in  each  partition  and  dif¬ 
ferent  operating  systems  on  each 
processor. 

The  server  uses  some  of  IBM’s 
self-healing,  self-managing  Proj¬ 
ect  Eliza  technology,  including 
the  ability  to  continue  operations 
through  major  failures  and  sys¬ 
tem  errors. The  idea  behind  Eliza 
is  to  help  users  by  automating 
many  of  the  tasks  customers  now 
spend  time  doing  manually 

The  p670  runs  AIX  5L  and  is  64- 
bit  Linux-ready.  It  starts  at 
$178,270  and  is  expected  to  be 
available  this  month. 

IBM:  www.ibm.com 


Convergence  gains 

Analysts  predict  IP  PBX  line  shipments  will  explode 
over  the  next  few  years,  significantly  narrowing  the 
gap  vs.  shipments  of  traditional  PBX  lines. 


PBX  line  shipments  (in  millions) 


■  New  IP  PBX  line  shipments  ■  New  PBX  line  shipments 

SOURCE:  THE  PHILLIPS  GROUP 


VON 

continued  from  page  1 
every  desktop. 

The  idea  of  mixing  an  IP  PBX 
with  existing  digital  handsets  is 
appealing  to  Steve  Sharrock,  IS 
manager  at  Portage  Path  Behav¬ 
ioral  Health  in  Akron, Ohio.Shar- 
rock  recently  installed  3Com’s 
NBX  in  two  of  the  mental  health 
clinic’s  five  offices  and  is  looking 
to  eventually  replace  all  the 
company’s  AD1X  PBX  systems 
with  the  3Com  gear. 

“If  I  could  replace  an  old 
[phone  system]  and  not  have  to 
replace  the  phones,  that  would 
be  great,”  Sharrock  says.  “The 
programming  is  a  nightmare  on 
any  key  system.  One  of  the 
things  I  like  about  NBX  is  the 
ability  to  change  the  configura¬ 
tion  easily” 

Because  his  company  is  non¬ 
profit,  Sharrock  is  always  look¬ 
ing  for  ways  to  reuse  or  inte¬ 
grate  existing  equipment  with 
new  gear. 

“Recouping  my  investment  in 
old  phones  and  having  all  the 
graphical  management  of  the 
NBX  would  be  pretty  slick,” 
he  says. 

Support  for  call  centers 

For  large  call  centers,  Aspect 
Communications  will  launch  IP 
Contact  Center  1.1  at  VON.  As¬ 
pect  has  added  support  for 
H. 323, Session  Initiation  Protocol 
(SIP)  and  media  gateway  control 
protocol  phones  to  IP  Contact 
Center.  Also  added  are  unified 
voice  and  email  messaging  sup¬ 
port  for  call  center  agents  and 
email  integration  with  Lotus 


Domino  servers. 

Aspect’s  earlier  IP  Contact 
Center  release  supported  only  a 
softphone  application  with  a  PC 
running  Microsoft  NetMeeting 
or  digital  desktop  phones  tied 
to  the  IP  Contact  Center  through 
a  circuit-switched  PBX  trunk. 
The  new  software  supports  stan- 
dards-based  IP  phones  from 
vendors  such  as  Cisco  and 
Polycom. 

Voice  messaging  on  the  IP  Con¬ 
tact  Center  will  let  customers 
leave  a  voice  mail  for  a  customer 
call  agent.  The  voice  mails  are 
converted  to  digital  audio  files, 
and  can  be  routed  to  the  call 
agent’s  Lotus  Notes  inbox  or 
Microsoft  Outlook  inbox.  (IP  Con¬ 
tact  Center  previously  supported 
only  Outlook.)  The  software  will 
cost  between  $2,000  and  $6,000 
per  agent,  and  will  be  available 
in  May 

With  so  many  options  for  IP 
telephony  now  available,  busi¬ 
nesses  are  starting  to  accept 


convergence  as  the  next  step  in 
business  phone  systems,  indus¬ 
try  watchers  say.  Last  year,  the 
average  IP  telephony  rollout 
increased  to  68  IP  handsets  per 
install  —  up  from  42  the  year 
before,  according  to  In-State/ 
MDR.  IP  PBX  line  shipments  are 
expected  to  rise  more  than 
700%  by  2004,  while  traditional 
PBX  line  shipments  will  de¬ 
crease  around  20%  over  the 
same  time  period  (see  graphic, 
above). 

Traditionally,  VON  has  focused 
on  packet  telephony  in  carrier 
networks,  but  this  week’s  show 
will  feature  many  enterprise 
twists.  Included  will  be  the  day¬ 
long  VON  Enterprise  Forum;  a 
three-day  enterprise  VoIP  session 
track  and  the  Network  World  VoIP 
Showdown,  in  which  representa¬ 
tives  from  Alcatel,  Avaya,  Nortel 
and  Shoreline  will  participate  in  a 
presidential-style  debate  about 
enterprise  VoIP  hosted  by  John 
Di x,Network  World  editor  in  chief. 


Other  vendors  making  an¬ 
nouncements  at  VON  include: 

•  Mitel,  which  will  announce 
two  IP  PBXs  for  small  and  midsize 
branch  offices.  The  Mitel  Net¬ 
works  3340  Branch  Office  So¬ 
lution  is  an  IP  call  server  that  can 
be  used  to  link  hundreds  of  users 
in  several  offices  over  IR  with  a 
common  dial  plan  and  toll-free 
long-distance  calling  over  a  WAN 
connection. 

The  3050  Integrated  Communic¬ 
ations  Platform  is  geared  for 
offices  with  10  users  and  com¬ 
bines  a  Linux  firewall,  VPN  en¬ 
cryption,  a  SIP-based  IP  PBX  and 
an  802.1  lb  wireless  access  point 
for  LAN  connections.  Both  prod¬ 
ucts  work  with  Mitel’s  5055  SIP 
phone. 

•  Hughes  Software  Systems 


will  release  its  HSS  SIP  Server, 
which  can  control  applications 
such  as  SIP-based  voice  calls 
and  conferences  among  such 
SIP  devices  as  IP  phones  and 
PCs  running  Microsoft’s  SIP- 
based  Windows  Messenger,  in¬ 
cluded  in  Windows  XP 

•  GoBeam  will  introduce  Dash¬ 
board  2.0,  a  browser-based  mes¬ 
saging  client  that  will  let  remote 
or  home-office  users  access 
voice  mail  and  schedule  confer¬ 
ence  calls  over  the  Web. 

•  Siemens  will  demonstrate 
SIP  and  H.323  interoperability 
with  its  OptiPoint  400  IP 
phones.  ■ 

Get  more  information  online. 
DocFinder:  8844 
www.nwfusion.com 
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Practical  politics  for  IT  players 


“A  politician  is  an  animal 
which  can  sit  on  a  fence 
and  yet  keep  both  ears 
to  the  ground.” 

-  H.  L.  Mencken 

Last  week  I  concluded: “As  IT  becomes  increas¬ 
ingly  important  in  business,  IT  people  have  to 
become  more  politically  adept. The  sooner  we 
start  playing  politics  the  sooner  we  will  get  the 
power  we  need  to  effectively  do  the  job  we  love.” 

The  essence  of  politics  is  this:  If  you  want  to  be  a 
long-term  player,  choose  your  battles  carefully  Don’t 
fight  a  battle  just  because  you  can;  fight  it  because  it 
is  a  tactic  that  supports  your  overall  strategy. 

But  many  people  are  just  ready  for  a  fight.  And 
when  you  are  reflexively  rebellious, you  wind  up 
fighting  every  battle.  In  the  IT  world,  there  are  many 
people  who  adopt  rebellious  poses. 

Just  look  at  most  programming,  systems  engineer¬ 
ing  and  support  groups  —  you  will  see  more  anti¬ 
social  habits  and  poor  grooming  than  can  be  ac¬ 
counted  for  by  simple  ignorance  and  sloth. These 
people  often  display  their  defiance  of  “the  system” 
in  every  way  that  doesn’t  get  them  fired. 


At  the  heart  of  this  posturing  is  an  unwillingness  to 
“play  the  game”  that  is  rooted  in  the  idea  that  the 
magic  IT  does  with  computers  somehow  is  better 
than  whatever  other  groups  in  the  organization  do. 

While  we  could  get  away  with  this  position  when 
we  were  the  hot  Young  Turks,  that  time  has  passed. 
We’re  now  mainstream  players  and  we  need  to  grow 
up  and  play  politics.  For  example, you  might  have 
put  Web  servers  in  place  for  a  supplier  extranet  but 
have  not  yet  provided  an  interface  from  the  extranet 
into  the  order  processing  system.You  get  points  for 
the  extranet,  but  the  missing  pieces  can  loose  you 
lots  of  points.That  is,  unless  you  get  political. 

Getting  political  is  about  communicating  the  issues 
—  making  the  company  aware  that  you  have  done 
everything  possible  and  that  1)  more  time  is  needed 
to  ensure  a  secure  and  reliable  solution;  or  2)  more 
money  is  needed.  Or  whatever  reasons  you  have.The 
only  politically  right  thing  to  do  is  to  step  up,  own 
the  problem  and  offer  to  solve  it. 

Similarly,  the  fact  that  these  Web  servers  function  so 
well  because  of  the  bitchin’  network  that  underlies 
them  is  not  something  that  most  people  in  the  orga¬ 
nization  would  know  anything  about.This  under¬ 
scores  the  issue  of  where  the  business  knows  it  is 
being  supported  and  where  it  doesn’t  have  a  clue. 


It  would  be  wise  to  make  sure  everyone  knows  as 
much  as  you  can  tell  them  about  the  benefits  of 
your  infrastructure.  And  don’t  give  them  detail 
about  the  routers  and  virtual  LANs  and  so  on,  give 
’em  the  big  picture  about  how  much  business  is 
done  on  the  network,  how  much  the  network  has 
increased  revenue,  how  much  customers  love  it 
and  —  this  is  key  —  how  much  better  it  is  than 
what  the  competition  has. 

Playing  politics  in  a  corporate  setting  is  about 
establishing  your  value  and  position  —  not  about 
staying  separate  from  the  organization  and  just 
“doing  your  job.” 

While  “doing  your  job”  might  sound  appropriate 
and  like  something  that  should  be  rewarded,  the 
facts  of  life  are  that  the  rest  of  the  company  has  to 
appreciate  what  you  do.  And  it  is  no  good  just  bang¬ 
ing  your  drum  to  try  to  get  the  company  to  acknowl¬ 
edge  your  role  —  you  have  to  finesse  your  message 
into  the  mix,  make  your  case  and  prove  it.  It  is  all 
about  making  relationships  that  provide  the  scaffold¬ 
ing  that  support  and  justify  your  existence. 

The  need  for  IT  to  play  politics  is  something  that 
cannot  be  ignored.  At  least,  if  you  want  to  be  a  player. 

Game  plans  to  nwcolumn@gibbs.com. 
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Paul  McNamara 

Do-it-yourself  DSL  is  no  pipe  dream 

There  seems  to  be  a  better  chance  of  the  Macy's 
Thanksgiving  Day  Parade  coming  to  my  neighbor¬ 
hood  this  year  than  us  getting  DSL  service  from 
Verizon. . . .  And  I  live  in  Massachusetts,  not  New 
York  City. 

Carl  Oppedahl  has  long  felt  the  same  way  about 
his  Colorado  neighborhood  and  Qwest.  Here's  the 
difference  between  us,  though:  Oppedahl  isn’t  just  whining  about  his  dearth  of 
DSL;  he's  going  out  and  rolling  his  own. 

An  attorney  by  trade,  Oppedahl  is  spearheading  the  Ruby  Ranch  Internet 
Cooperative  Association,  whose  mission  since  being  founded  last  year  has  been 
to  provide  DSL  service  to  the  40  homes  in  the  members'  subdivision  in  Summit 
County,  Colo. 

This  has  turned  out  to  be  easier  said  than  done. 

Assembling  the  necessary  equipment  wasn't  hard  —  the  group's  DSLAM  is 
housed  in  a  barn  —  but  getting  Qwest  to  cooperate  proved  to  be  the  most  daunt¬ 
ing  task.  (You  can  read  everything  you'd  ever  want  to  know  about  such  a  project 
at  www.rric.net.) 

“By  far  the  biggest  challenge  faced  by  the  Coop  —  a  challenge  that  dwarfed 
any  of  the  technical  and  financial  challenges  —  was  gaining  access  to  subloops 
•rom  Qwest  under  the  Telecommunications  Act  of  1996,”  reads  the  homepage 
vtroduction.  “The  course  of  negotiations  was  such  that  the  Coop  found  it  neces¬ 
sary  to  file  an  informal  complaint  with  the  Federal  Communications  Commission 
and  subsequently  found  it  necessary  to  pursue  arbitration  before  the  Colorado 
Public  Service  Commission." 

The  Ruby  Ranchers  won  some  and  lost  some  before  that  commission,  but  the 
bottom  line  is  that  they  are  now  within  a  fistful  of  paperwork  from  bringing  high¬ 
speed  'Net  access  to  homes  that  would  otherwise  go  on  wanting. 

It  took  us  some  10  months  to  go  through  the  negotiations,  which  means  one 


needs  to  start  with  the  phone  company  maybe  a  year  in  advance  of  when  you  really 
want  to  launch  service,”  Oppedahl  says.  “Others  might  have  better  luck  than  us  with 
their  phone  company,  in  which  case  maybe  they  would  not  face  a  yearlong  delay." 

By  better  luck  he  means  less  grief. 

“We  surely  hope  that  others  will  consider  setting  up  their  own  DSL  systems,” 
Oppedahl  adds.  „ 

Personally,  I'll  wait  for  the  parade. 

Can  cookies  be  far  behind? 

A  colleague’s  friend  in  Vladivostok  offers  this  report  on  how  capitalistic  princi¬ 
ples  on  worker  protection  —  and  perks  —  are  evolving  in  Russia: 

"Section  173  of  the  recently  enacted  Russian  Labor  Code  specifies  that  'any 
employer  who  has  an  employee  work  at  a  computer  for  four  continuous  hours 
shall  provide  that  employee  with  0.5  liter  of  milk,’"  writes  the  friend. 

Seriously?  . .  .  Well,  yes  and  no. 

"It  is  law. . .  .  Now  will  employers  obey  this?  Ha!  They  don’t  obey  anything.  But 
then,  neither  do  the  employees!" 

Perhaps  the  compliance  rate  would  be  higher  if  the  law  allowed  for  leeway 
regarding  the  choice  of  beverage. 

There’s  no  such  thing  as  bad  news 

Sometimes  we  in  the  news  business  have  to  take  a  step  back  and  tip  our  hats 
to  the  creativity  of  our  friends  in  public  relations.  Witness  this  opening  sentence 
in  a  press  release  from  Yipes: 

“Yipes  Communications,  the  defining  provider  of  instantly  scalable  Ethernet  ser¬ 
vices,  today  announced  that  it  is  seeking  to  restructure  its  business  to  enhance 
future  growth  opportunities." 

Who’d  have  thought  that  this  was  another  way  to  say  the  company  filed  for 
bankruptcy? 

No  need  to  mince  words  if  you  have  something  to  say  about  any  of  this.  The 
address  is  buzz@nww.com. 
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RS16000 


Introducing  the  RS  16000  from  Riverstone  Networks. 


It’s  the  new  generation  of  router  built  expressly  for 


Gigabit  and  10-Gigabit  Metropolitan  Area  Networks 


The  chassis-based  RS  16000  delivers  up  to  60  wire- 


speed  Gigabit,  ports,  along  with  10-Gigabit  Ethernet 


and  CWDM  uplinks  all  in  5  rack  units  -  that's  70%  more 


Gigabit  ports  per  rack  inch  than  the  nearest  competitor. 


For  service  providers,  this  means  more  revenue  per 


rack  and  lower  operating  costs 


But  the  RS  16000  is  more  than  the  highest  density  router 


in  the  industry.  As  a  full-function,  Internet-caliber  metro- 


optimized  router,  it  also  delivers  rich  service  creation 


capabilities.  Through  hardware-based  MPLS,  bandwidth 


carving,  and  extensive  billing  and  accounting,  the  RS  16000 


converts  raw  bandwidth  into  profitable  services  for  carriers 


throughout  the  Metropolitan  Area  Network. 
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60  GIGABIT  PORTS,  10-GIGABIT  UPLINKS, 


WIRE-SPEED  METRO  ROUTER  WITH  MPLS. 


Contact  Riverstone  Networks  at  1-877-778-9595  or  visit 


ALL  IN  5  RACK  UNITS. 


riverstonenet.com/nww  to  see  how  we're  changing  the 


rules  in  the  Metro. 
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